Overview

Package iam provides the client and types for making API
requests to AWS Identity and Access Management.

AWS Identity and Access Management (IAM) is a web service that you can use
to manage users and user permissions under your AWS account. This guide provides
descriptions of IAM actions that you can call programmatically. For general
information about IAM, see AWS Identity and Access Management (IAM) (http://aws.amazon.com/iam/).
For the user guide for IAM, see Using IAM (http://docs.aws.amazon.com/IAM/latest/UserGuide/).

AWS provides SDKs that consist of libraries and sample code for various programming
languages and platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs
provide a convenient way to create programmatic access to IAM and AWS. For
example, the SDKs take care of tasks such as cryptographically signing requests
(see below), managing errors, and retrying requests automatically. For information
about the AWS SDKs, including how to download and install them, see the Tools
for Amazon Web Services (http://aws.amazon.com/tools/) page.

We recommend that you use the AWS SDKs to make programmatic API calls to
IAM. However, you can also use the IAM Query API to make direct calls to
the IAM web service. To learn more about the IAM Query API, see Making Query
Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
in the Using IAM guide. IAM supports GET and POST requests for all actions.
That is, the API does not require you to use GET for some actions and POST
for others. However, GET requests are subject to the size limitation of a
URL. Therefore, for operations that require larger sizes, use a POST request.

Signing Requests

Requests must be signed using an access key ID and a secret access key. We
strongly recommend that you do not use your AWS account access key ID and
secret access key for everyday work with IAM. You can use the access key
ID and secret access key for an IAM user or you can use the AWS Security
Token Service to generate temporary security credentials and use those to
sign requests.

To sign requests, we recommend that you use Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
If you have an existing application that uses Signature Version 2, you do
not have to update it to use Signature Version 4. However, some operations
now require Signature Version 4. The documentation for operations that require
version 4 indicates this requirement.
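
The signing work that the SDK performs for you, written out with only the Go
standard library. This is an added example, not code from this package: the
credentials and timestamp are constructed placeholders, and the Request type
and the function names are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Constructed placeholder credentials for this example; not real keys.
const (
	ExampleAccessKeyID = "AKIDEXAMPLE"
	ExampleSecretKey   = "constructed-secret-for-illustration-only"
)

// Request holds the parts of an HTTP request that Signature Version 4 covers.
// Query must already be URI-encoded and sorted by parameter name.
type Request struct {
	Method, Path, Query, Payload string
	Headers                      map[string]string
	AmzDate                      string // UTC timestamp, YYYYMMDD'T'HHMMSS'Z'
}

func hmacSHA256(key []byte, msg string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return m.Sum(nil)
}

func sha256Hex(s string) string {
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

// SigningKey derives a key bound to one date, region and service, so the
// long-term secret access key itself never signs a request directly.
func SigningKey(secret, date, region, service string) []byte {
	k := hmacSHA256([]byte("AWS4"+secret), date)
	k = hmacSHA256(k, region)
	k = hmacSHA256(k, service)
	return hmacSHA256(k, "aws4_request")
}

// CanonicalRequest normalises the request so client and service hash the
// same bytes. It returns the canonical text and the signed-header list.
func CanonicalRequest(r Request) (string, string) {
	lower := make(map[string]string, len(r.Headers))
	names := make([]string, 0, len(r.Headers))
	for k, v := range r.Headers {
		n := strings.ToLower(k)
		lower[n] = strings.TrimSpace(v)
		names = append(names, n)
	}
	sort.Strings(names)
	var hb strings.Builder
	for _, n := range names {
		hb.WriteString(n + ":" + lower[n] + "\n")
	}
	signed := strings.Join(names, ";")
	canon := strings.Join([]string{
		r.Method, r.Path, r.Query, hb.String(), signed, sha256Hex(r.Payload),
	}, "\n")
	return canon, signed
}

// Sign returns the hex signature and the Authorization header value.
// Only the access key ID and the signature go on the wire, never the secret.
func Sign(accessKeyID, secret, region, service string, r Request) (string, string) {
	if len(r.AmzDate) < 8 {
		return "", ""
	}
	date := r.AmzDate[:8]
	scope := date + "/" + region + "/" + service + "/aws4_request"
	canon, signed := CanonicalRequest(r)
	stringToSign := "AWS4-HMAC-SHA256\n" + r.AmzDate + "\n" + scope + "\n" + sha256Hex(canon)
	sig := hex.EncodeToString(hmacSHA256(SigningKey(secret, date, region, service), stringToSign))
	auth := fmt.Sprintf("AWS4-HMAC-SHA256 Credential=%s/%s, SignedHeaders=%s, Signature=%s",
		accessKeyID, scope, signed, sig)
	return sig, auth
}

// SampleListUsersRequest builds an IAM Query API GET request (constructed sample).
func SampleListUsersRequest() Request {
	return Request{
		Method: "GET",
		Path:   "/",
		Query:  "Action=ListUsers&Version=2010-05-08",
		Headers: map[string]string{
			"Content-Type": "application/x-www-form-urlencoded; charset=utf-8",
			"Host":         "iam.amazonaws.com",
			"X-Amz-Date":   "20150830T123600Z",
		},
		AmzDate: "20150830T123600Z",
	}
}

func main() {
	_, auth := Sign(ExampleAccessKeyID, ExampleSecretKey, "us-east-1", "iam", SampleListUsersRequest())
	fmt.Println("Authorization:", auth)
}
```

Because the query string, the signed headers and the payload hash all feed the
signature, changing any of them after signing makes the service reject the request.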

Using the Client

To contact AWS Identity and Access Management with the SDK, use the New function to create
a new service client. With that client you can make API requests to the service.
These clients are safe to use concurrently.

const (
// ErrCodeCredentialReportExpiredException for service response error code
// "ReportExpired".
//
// The request was rejected because the most recent credential report has expired.
// To generate a new credential report, use GenerateCredentialReport. For more
// information about credential report expiration, see Getting Credential Reports
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html)
// in the IAM User Guide.
ErrCodeCredentialReportExpiredException = "ReportExpired"

// ErrCodeCredentialReportNotPresentException for service response error code
// "ReportNotPresent".
//
// The request was rejected because the credential report does not exist. To
// generate a credential report, use GenerateCredentialReport.
ErrCodeCredentialReportNotPresentException = "ReportNotPresent"

// ErrCodeCredentialReportNotReadyException for service response error code
// "ReportInProgress".
//
// The request was rejected because the credential report is still being generated.
ErrCodeCredentialReportNotReadyException = "ReportInProgress"

// ErrCodeDeleteConflictException for service response error code
// "DeleteConflict".
//
// The request was rejected because it attempted to delete a resource that has
// attached subordinate entities. The error message describes these entities.
ErrCodeDeleteConflictException = "DeleteConflict"

// ErrCodeDuplicateCertificateException for service response error code
// "DuplicateCertificate".
//
// The request was rejected because the same certificate is associated with
// an IAM user in the account.
ErrCodeDuplicateCertificateException = "DuplicateCertificate"

// ErrCodeDuplicateSSHPublicKeyException for service response error code
// "DuplicateSSHPublicKey".
//
// The request was rejected because the SSH public key is already associated
// with the specified IAM user.
ErrCodeDuplicateSSHPublicKeyException = "DuplicateSSHPublicKey"

// ErrCodeEntityAlreadyExistsException for service response error code
// "EntityAlreadyExists".
//
// The request was rejected because it attempted to create a resource that already
// exists.
ErrCodeEntityAlreadyExistsException = "EntityAlreadyExists"

// ErrCodeEntityTemporarilyUnmodifiableException for service response error code
// "EntityTemporarilyUnmodifiable".
//
// The request was rejected because it referenced an entity that is temporarily
// unmodifiable, such as a user name that was deleted and then recreated. The
// error indicates that the request is likely to succeed if you try again after
// waiting several minutes. The error message describes the entity.
ErrCodeEntityTemporarilyUnmodifiableException = "EntityTemporarilyUnmodifiable"

// ErrCodeInvalidAuthenticationCodeException for service response error code
// "InvalidAuthenticationCode".
//
// The request was rejected because the authentication code was not recognized.
// The error message describes the specific error.
ErrCodeInvalidAuthenticationCodeException = "InvalidAuthenticationCode"

// ErrCodeInvalidCertificateException for service response error code
// "InvalidCertificate".
//
// The request was rejected because the certificate is invalid.
ErrCodeInvalidCertificateException = "InvalidCertificate"

// ErrCodeInvalidInputException for service response error code
// "InvalidInput".
//
// The request was rejected because an invalid or out-of-range value was supplied
// for an input parameter.
ErrCodeInvalidInputException = "InvalidInput"

// ErrCodeInvalidPublicKeyException for service response error code
// "InvalidPublicKey".
//
// The request was rejected because the public key is malformed or otherwise
// invalid.
ErrCodeInvalidPublicKeyException = "InvalidPublicKey"

// ErrCodeInvalidUserTypeException for service response error code
// "InvalidUserType".
//
// The request was rejected because the type of user for the transaction was
// incorrect.
ErrCodeInvalidUserTypeException = "InvalidUserType"

// ErrCodeKeyPairMismatchException for service response error code
// "KeyPairMismatch".
//
// The request was rejected because the public key certificate and the private
// key do not match.
ErrCodeKeyPairMismatchException = "KeyPairMismatch"

// ErrCodeLimitExceededException for service response error code
// "LimitExceeded".
//
// The request was rejected because it attempted to create resources beyond
// the current AWS account limits. The error message describes the limit exceeded.
ErrCodeLimitExceededException = "LimitExceeded"

// ErrCodeMalformedCertificateException for service response error code
// "MalformedCertificate".
//
// The request was rejected because the certificate was malformed or expired.
// The error message describes the specific error.
ErrCodeMalformedCertificateException = "MalformedCertificate"

// ErrCodeMalformedPolicyDocumentException for service response error code
// "MalformedPolicyDocument".
//
// The request was rejected because the policy document was malformed. The error
// message describes the specific error.
ErrCodeMalformedPolicyDocumentException = "MalformedPolicyDocument"

// ErrCodeNoSuchEntityException for service response error code
// "NoSuchEntity".
//
// The request was rejected because it referenced an entity that does not exist.
// The error message describes the entity.
ErrCodeNoSuchEntityException = "NoSuchEntity"

// ErrCodePasswordPolicyViolationException for service response error code
// "PasswordPolicyViolation".
//
// The request was rejected because the provided password did not meet the requirements
// imposed by the account password policy.
ErrCodePasswordPolicyViolationException = "PasswordPolicyViolation"

// ErrCodePolicyEvaluationException for service response error code
// "PolicyEvaluation".
//
// The request failed because a provided policy could not be successfully evaluated.
// An additional detailed message indicates the source of the failure.
ErrCodePolicyEvaluationException = "PolicyEvaluation"

// ErrCodePolicyNotAttachableException for service response error code
// "PolicyNotAttachable".
//
// The request failed because AWS service role policies can only be attached
// to the service-linked role for that service.
ErrCodePolicyNotAttachableException = "PolicyNotAttachable"

// ErrCodeServiceFailureException for service response error code
// "ServiceFailure".
//
// The request processing has failed because of an unknown error, exception
// or failure.
ErrCodeServiceFailureException = "ServiceFailure"

// ErrCodeServiceNotSupportedException for service response error code
// "NotSupportedService".
//
// The specified service does not support service-specific credentials.
ErrCodeServiceNotSupportedException = "NotSupportedService"

// ErrCodeUnmodifiableEntityException for service response error code
// "UnmodifiableEntity".
//
// The request was rejected because only the service that depends on the service-linked
// role can modify or delete the role on your behalf. The error message includes
// the name of the service that depends on this service-linked role. You must
// request the change through that service.
ErrCodeUnmodifiableEntityException = "UnmodifiableEntity"

// ErrCodeUnrecognizedPublicKeyEncodingException for service response error code
// "UnrecognizedPublicKeyEncoding".
//
// The request was rejected because the public key encoding format is unsupported
// or unrecognized.
ErrCodeUnrecognizedPublicKeyEncodingException = "UnrecognizedPublicKeyEncoding"
)

type AccessKey struct {
// The ID for this access key.
//
// AccessKeyId is a required field
AccessKeyId *string `min:"16" type:"string" required:"true"`

// The date when the access key was created.
CreateDate *time.Time `type:"timestamp"`

// The secret key used to sign requests.
//
// SecretAccessKey is a required field
SecretAccessKey *string `type:"string" required:"true"`

// The status of the access key. Active means that the key is valid for API
// calls, while Inactive means it is not.
//
// Status is a required field
Status *string `type:"string" required:"true" enum:"statusType"`

// The name of the IAM user that the access key is associated with.
//
// UserName is a required field
UserName *string `min:"1" type:"string" required:"true"`

// contains filtered or unexported fields
}

Contains information about an AWS access key.

This data type is used as a response element in the CreateAccessKey and ListAccessKeys
operations.

The SecretAccessKey value is returned only in response to CreateAccessKey.
You can get a secret access key only when you first create an access key;
you cannot recover the secret access key later. If you lose a secret access
key, you must create a new access key.

type AccessKeyLastUsed struct {
// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
// when the access key was most recently used. This field is null in the following
// situations:
//
// * The user does not have an access key.
//
// * An access key exists but has never been used, at least not since IAM
// started tracking this information on April 22nd, 2015.
//
// * There is no sign-in data associated with the user
//
// LastUsedDate is a required field
LastUsedDate *time.Time `type:"timestamp" required:"true"`

// The AWS region where this access key was most recently used. This field
// displays "N/A" in the following situations:
//
// * The user does not have an access key.
//
// * An access key exists but has never been used, at least not since IAM
// started tracking this information on April 22nd, 2015.
//
// * There is no sign-in data associated with the user
//
// For more information about AWS regions, see Regions and Endpoints (http://docs.aws.amazon.com/general/latest/gr/rande.html)
// in the Amazon Web Services General Reference.
//
// Region is a required field
Region *string `type:"string" required:"true"`

// The name of the AWS service with which this access key was most recently
// used. This field displays "N/A" in the following situations:
//
// * The user does not have an access key.
//
// * An access key exists but has never been used, at least not since IAM
// started tracking this information on April 22nd, 2015.
//
// * There is no sign-in data associated with the user
//
// ServiceName is a required field
ServiceName *string `type:"string" required:"true"`

// contains filtered or unexported fields
}

Contains information about the last time an AWS access key was used.

This data type is used as a response element in the GetAccessKeyLastUsed
operation.

type AddClientIDToOpenIDConnectProviderInput struct {
// The client ID (also known as audience) to add to the IAM OpenID Connect provider
// resource.
//
// ClientID is a required field
ClientID *string `min:"1" type:"string" required:"true"`

// The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider
// resource to add the client ID to. You can get a list of OIDC provider ARNs
// by using the ListOpenIDConnectProviders operation.
//
// OpenIDConnectProviderArn is a required field
OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"`

// contains filtered or unexported fields
}

type AddRoleToInstanceProfileInput struct {
// The name of the instance profile to update.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// InstanceProfileName is a required field
InstanceProfileName *string `min:"1" type:"string" required:"true"`

// The name of the role to add.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// RoleName is a required field
RoleName *string `min:"1" type:"string" required:"true"`

// contains filtered or unexported fields
}

type AddUserToGroupInput struct {
// The name of the group to update.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// GroupName is a required field
GroupName *string `min:"1" type:"string" required:"true"`

// The name of the user to add.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// UserName is a required field
UserName *string `min:"1" type:"string" required:"true"`

// contains filtered or unexported fields
}

type AttachGroupPolicyInput struct {
// The name (friendly name, not ARN) of the group to attach the policy to.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// GroupName is a required field
GroupName *string `min:"1" type:"string" required:"true"`

// The Amazon Resource Name (ARN) of the IAM policy you want to attach.
//
// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
//
// PolicyArn is a required field
PolicyArn *string `min:"20" type:"string" required:"true"`

// contains filtered or unexported fields
}

type AttachRolePolicyInput struct {
// The Amazon Resource Name (ARN) of the IAM policy you want to attach.
//
// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
//
// PolicyArn is a required field
PolicyArn *string `min:"20" type:"string" required:"true"`

// The name (friendly name, not ARN) of the role to attach the policy to.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// RoleName is a required field
RoleName *string `min:"1" type:"string" required:"true"`

// contains filtered or unexported fields
}

type AttachUserPolicyInput struct {
// The Amazon Resource Name (ARN) of the IAM policy you want to attach.
//
// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
//
// PolicyArn is a required field
PolicyArn *string `min:"20" type:"string" required:"true"`

// The name (friendly name, not ARN) of the IAM user to attach the policy to.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// UserName is a required field
UserName *string `min:"1" type:"string" required:"true"`

// contains filtered or unexported fields
}

type AttachedPermissionsBoundary struct {
// The ARN of the policy used to set the permissions boundary for the user or
// role.
PermissionsBoundaryArn *string `min:"20" type:"string"`

// The permissions boundary usage type that indicates what type of IAM resource
// is used as the permissions boundary for an entity. This data type can only
// have a value of Policy.
PermissionsBoundaryType *string `type:"string" enum:"PermissionsBoundaryAttachmentType"`

// contains filtered or unexported fields
}

Contains information about an attached permissions boundary.

An attached permissions boundary is a managed policy that has been attached
to a user or role to set the permissions boundary.

An attached policy is a managed policy that has been attached to a user,
group, or role. This data type is used as a response element in the ListAttachedGroupPolicies,
ListAttachedRolePolicies, ListAttachedUserPolicies, and GetAccountAuthorizationDetails
operations.

type ChangePasswordInput struct {
// The new password. The new password must conform to the AWS account's password
// policy, if one exists.
//
// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
// this parameter is a string of characters. That string can include almost
// any printable ASCII character from the space (\u0020) through the end of
// the ASCII character range (\u00FF). You can also include the tab (\u0009),
// line feed (\u000A), and carriage return (\u000D) characters. Any of these
// characters are valid in a password. However, many tools, such as the AWS
// Management Console, might restrict the ability to type certain characters
// because they have special meaning within that tool.
//
// NewPassword is a required field
NewPassword *string `min:"1" type:"string" required:"true"`

// The IAM user's current password.
//
// OldPassword is a required field
OldPassword *string `min:"1" type:"string" required:"true"`

// contains filtered or unexported fields
}

type ContextEntry struct {
// The full name of a condition context key, including the service prefix. For
// example, aws:SourceIp or s3:VersionId.
ContextKeyName *string `min:"5" type:"string"`

// The data type of the value (or values) specified in the ContextKeyValues
// parameter.
ContextKeyType *string `type:"string" enum:"ContextKeyTypeEnum"`

// The value (or values, if the condition context key supports multiple values)
// to provide to the simulation when the key is referenced by a Condition element
// in an input policy.
ContextKeyValues []*string `type:"list"`

// contains filtered or unexported fields
}

Contains information about a condition context key. It includes the name
of the key and specifies the value (or values, if the context key supports
multiple values) to use in the simulation. This information is used when
evaluating the Condition elements of the input policies.

This data type is used as an input parameter to SimulateCustomPolicy and
SimulateCustomPolicy.

type CreateAccessKeyInput struct {
// The name of the IAM user that the new key will belong to.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
UserName *string `min:"1" type:"string"`

// contains filtered or unexported fields
}

type CreateAccountAliasInput struct {
// The account alias to create.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of lowercase letters, digits, and dashes.
// You cannot start or finish with a dash, nor can you have two dashes in a
// row.
//
// AccountAlias is a required field
AccountAlias *string `min:"3" type:"string" required:"true"`

// contains filtered or unexported fields
}

type CreateGroupInput struct {
// The name of the group to create. Do not include the path in this value.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-.
// The group name must be unique within the account. Group names are not distinguished
// by case. For example, you cannot create groups named both "ADMINS" and "admins".
//
// GroupName is a required field
GroupName *string `min:"1" type:"string" required:"true"`

// The path to the group. For more information about paths, see IAM Identifiers
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
// in the IAM User Guide.
//
// This parameter is optional. If it is not included, it defaults to a slash
// (/).
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of either a forward slash (/) by itself
// or a string that must begin and end with forward slashes. In addition, it
// can contain any ASCII character from the ! (\u0021) through the DEL character
// (\u007F), including most punctuation characters, digits, and upper and lowercased
// letters.
Path *string `min:"1" type:"string"`

// contains filtered or unexported fields
}

type CreateGroupOutput struct {
// A structure containing details about the new group.
//
// Group is a required field
Group *Group `type:"structure" required:"true"`

// contains filtered or unexported fields
}

type CreateInstanceProfileInput struct {
// The name of the instance profile to create.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// InstanceProfileName is a required field
InstanceProfileName *string `min:"1" type:"string" required:"true"`

// The path to the instance profile. For more information about paths, see IAM
// Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
// in the IAM User Guide.
//
// This parameter is optional. If it is not included, it defaults to a slash
// (/).
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of either a forward slash (/) by itself
// or a string that must begin and end with forward slashes. In addition, it
// can contain any ASCII character from the ! (\u0021) through the DEL character
// (\u007F), including most punctuation characters, digits, and upper and lowercased
// letters.
Path *string `min:"1" type:"string"`

// contains filtered or unexported fields
}

type CreateLoginProfileInput struct {
// The new password for the user.
//
// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
// this parameter is a string of characters. That string can include almost
// any printable ASCII character from the space (\u0020) through the end of
// the ASCII character range (\u00FF). You can also include the tab (\u0009),
// line feed (\u000A), and carriage return (\u000D) characters. Any of these
// characters are valid in a password. However, many tools, such as the AWS
// Management Console, might restrict the ability to type certain characters
// because they have special meaning within that tool.
//
// Password is a required field
Password *string `min:"1" type:"string" required:"true"`

// Specifies whether the user is required to set a new password on next sign-in.
PasswordResetRequired *bool `type:"boolean"`

// The name of the IAM user to create a password for. The user must already
// exist.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// UserName is a required field
UserName *string `min:"1" type:"string" required:"true"`

// contains filtered or unexported fields
}

type CreateOpenIDConnectProviderInput struct {
// A list of client IDs (also known as audiences). When a mobile or web app
// registers with an OpenID Connect provider, they establish a value that identifies
// the application. (This is the value that's sent as the client_id parameter
// on OAuth requests.)
//
// You can register multiple client IDs with the same provider. For example,
// you might have multiple applications that use the same OIDC provider. You
// cannot register more than 100 client IDs with a single IAM OIDC provider.
//
// There is no defined format for a client ID. The CreateOpenIDConnectProviderRequest
// operation accepts client IDs up to 255 characters long.
ClientIDList []*string `type:"list"`

// A list of server certificate thumbprints for the OpenID Connect (OIDC) identity
// provider's server certificates. Typically this list includes only one entry.
// However, IAM lets you have up to five thumbprints for an OIDC provider. This
// lets you maintain multiple thumbprints if the identity provider is rotating
// certificates.
//
// The server certificate thumbprint is the hex-encoded SHA-1 hash value of
// the X.509 certificate used by the domain where the OpenID Connect provider
// makes its keys available. It is always a 40-character string.
//
// You must provide at least one thumbprint when creating an IAM OIDC provider.
// For example, assume that the OIDC provider is server.example.com and the
// provider stores its keys at https://keys.server.example.com/openid-connect.
// In that case, the thumbprint string would be the hex-encoded SHA-1 hash value
// of the certificate used by https://keys.server.example.com.
//
// For more information about obtaining the OIDC provider's thumbprint, see
// Obtaining the Thumbprint for an OpenID Connect Provider (http://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html)
// in the IAM User Guide.
//
// ThumbprintList is a required field
ThumbprintList []*string `type:"list" required:"true"`

// The URL of the identity provider. The URL must begin with https:// and should
// correspond to the iss claim in the provider's OpenID Connect ID tokens. Per
// the OIDC standard, path components are allowed but query parameters are not.
// Typically the URL consists of only a hostname, like https://server.example.org
// or https://example.com.
//
// You cannot register the same provider multiple times in a single AWS account.
// If you try to submit a URL that has already been used for an OpenID Connect
// provider in the AWS account, you will get an error.
//
// Url is a required field
Url *string `min:"1" type:"string" required:"true"`

// contains filtered or unexported fields
}
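
A pre-flight check for the CreateOpenIDConnectProviderInput constraints stated
in the field comments above, together with the thumbprint computation (SHA-1
over the certificate's DER bytes, hex-encoded). This is an added example, not
code from this package: the function names are assumptions, and the certificate
is a throwaway self-signed one generated at run time as constructed sample input.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"strings"
	"time"
	"unicode/utf8"
)

// Thumbprint returns the hex-encoded SHA-1 hash of the certificate's DER
// encoding. Hashing the PEM text instead yields a different, wrong value.
func Thumbprint(cert *x509.Certificate) string {
	sum := sha1.Sum(cert.Raw)
	return hex.EncodeToString(sum[:])
}

// ValidateOIDCProviderInput applies the documented limits before any API call:
// https:// URL without query parameters, 1 to 5 thumbprints of 40 hex
// characters each, at most 100 client IDs of 1 to 255 characters.
func ValidateOIDCProviderInput(rawURL string, thumbprints, clientIDs []string) error {
	if !strings.HasPrefix(rawURL, "https://") {
		return errors.New("Url must begin with https://")
	}
	u, err := url.Parse(rawURL)
	if err != nil {
		return fmt.Errorf("Url does not parse: %v", err)
	}
	if u.Host == "" {
		return errors.New("Url has no host")
	}
	if u.RawQuery != "" || u.ForceQuery {
		return errors.New("Url must not carry query parameters")
	}
	if n := len(thumbprints); n < 1 || n > 5 {
		return fmt.Errorf("ThumbprintList needs 1 to 5 entries, got %d", n)
	}
	for _, tp := range thumbprints {
		if len(tp) != 40 {
			return fmt.Errorf("thumbprint %q is not 40 characters", tp)
		}
		if _, err := hex.DecodeString(tp); err != nil {
			return fmt.Errorf("thumbprint %q is not hex", tp)
		}
	}
	if len(clientIDs) > 100 {
		return errors.New("ClientIDList allows at most 100 client IDs")
	}
	for _, id := range clientIDs {
		if n := utf8.RuneCountInString(id); n < 1 || n > 255 {
			return fmt.Errorf("client ID length %d outside 1..255", n)
		}
	}
	return nil
}

// DemoCertificate creates a short-lived self-signed certificate so the
// example runs offline. It stands in for the provider's real certificate.
func DemoCertificate(host string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, err := DemoCertificate("keys.server.example.com")
	if err != nil {
		fmt.Println("certificate generation failed:", err)
		return
	}
	tp := Thumbprint(cert)
	fmt.Println("thumbprint:", tp)
	fmt.Println("valid input:", ValidateOIDCProviderInput("https://server.example.com", []string{tp}, []string{"my-app"}))
	fmt.Println("http URL:   ", ValidateOIDCProviderInput("http://server.example.com", []string{tp}, nil))
}
```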

type CreatePolicyInput struct {
// A friendly description of the policy.
//
// Typically used to store information about the permissions defined in the
// policy. For example, "Grants access to production DynamoDB tables."
//
// The policy description is immutable. After a value is assigned, it cannot
// be changed.
Description *string `type:"string"`

// The path for the policy.
//
// For more information about paths, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
// in the IAM User Guide.
//
// This parameter is optional. If it is not included, it defaults to a slash
// (/).
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of either a forward slash (/) by itself
// or a string that must begin and end with forward slashes. In addition, it
// can contain any ASCII character from the ! (\u0021) through the DEL character
// (\u007F), including most punctuation characters, digits, and upper and lowercased
// letters.
Path *string `type:"string"`

// The JSON policy document that you want to use as the content for the new
// policy.
//
// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
// parameter is a string of characters consisting of the following:
//
// * Any printable ASCII character ranging from the space character (\u0020)
// through the end of the ASCII character range
//
// * The printable characters in the Basic Latin and Latin-1 Supplement character
// set (through \u00FF)
//
// * The special characters tab (\u0009), line feed (\u000A), and carriage
// return (\u000D)
//
// PolicyDocument is a required field
PolicyDocument *string `min:"1" type:"string" required:"true"`

// The friendly name of the policy.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// PolicyName is a required field
PolicyName *string `min:"1" type:"string" required:"true"`

// contains filtered or unexported fields
}

type CreatePolicyVersionInput struct {
// The Amazon Resource Name (ARN) of the IAM policy to which you want to add
// a new version.
//
// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
//
// PolicyArn is a required field
PolicyArn *string `min:"20" type:"string" required:"true"`

// The JSON policy document that you want to use as the content for this new
// version of the policy.
//
// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
// parameter is a string of characters consisting of the following:
//
// * Any printable ASCII character ranging from the space character (\u0020)
// through the end of the ASCII character range
//
// * The printable characters in the Basic Latin and Latin-1 Supplement character
// set (through \u00FF)
//
// * The special characters tab (\u0009), line feed (\u000A), and carriage
// return (\u000D)
//
// PolicyDocument is a required field
PolicyDocument *string `min:"1" type:"string" required:"true"`

// Specifies whether to set this version as the policy's default version.
//
// When this parameter is true, the new policy version becomes the operative
// version. That is, it becomes the version that is in effect for the IAM users,
// groups, and roles that the policy is attached to.
//
// For more information about managed policy versions, see Versioning for Managed
// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
// in the IAM User Guide.
SetAsDefault *bool `type:"boolean"`

// contains filtered or unexported fields
}

type CreateRoleInput struct {
    // The trust relationship policy document that grants an entity permission to
    // assume the role.
    //
    // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
    // parameter is a string of characters consisting of the following:
    //
    // * Any printable ASCII character ranging from the space character (\u0020)
    // through the end of the ASCII character range
    //
    // * The printable characters in the Basic Latin and Latin-1 Supplement character
    // set (through \u00FF)
    //
    // * The special characters tab (\u0009), line feed (\u000A), and carriage
    // return (\u000D)
    //
    // AssumeRolePolicyDocument is a required field
    AssumeRolePolicyDocument *string `min:"1" type:"string" required:"true"`

    // A description of the role.
    Description *string `type:"string"`

    // The maximum session duration (in seconds) that you want to set for the specified
    // role. If you do not specify a value for this setting, the default maximum
    // of one hour is applied. This setting can have a value from 1 hour to 12 hours.
    //
    // Anyone who assumes the role from the AWS CLI or API can use the DurationSeconds
    // API parameter or the duration-seconds CLI parameter to request a longer session.
    // The MaxSessionDuration setting determines the maximum duration that can be
    // requested using the DurationSeconds parameter. If users don't specify a value
    // for the DurationSeconds parameter, their security credentials are valid for
    // one hour by default. This applies when you use the AssumeRole* API operations
    // or the assume-role* CLI operations but does not apply when you use those
    // operations to create a console URL. For more information, see Using IAM Roles
    // (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the
    // IAM User Guide.
    MaxSessionDuration *int64 `min:"3600" type:"integer"`

    // The path to the role. For more information about paths, see IAM Identifiers
    // (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
    // in the IAM User Guide.
    //
    // This parameter is optional. If it is not included, it defaults to a slash
    // (/).
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of either a forward slash (/) by itself
    // or a string that must begin and end with forward slashes. In addition, it
    // can contain any ASCII character from the ! (\u0021) through the DEL character
    // (\u007F), including most punctuation characters, digits, and upper and lowercased
    // letters.
    Path *string `min:"1" type:"string"`

    // The ARN of the policy that is used to set the permissions boundary for the
    // role.
    PermissionsBoundary *string `min:"20" type:"string"`

    // The name of the role to create.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // Role names are not distinguished by case. For example, you cannot create
    // roles named both "PRODROLE" and "prodrole".
    //
    // RoleName is a required field
    RoleName *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}
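
The constraints documented on CreateRoleInput can be checked before a request is sent, which catches a policy document pasted with typographic quotes, an over-long session cap, or a name that differs from an existing role only by case. The following is an added example, not code from the SDK: `CreateRoleParams`, `ValidateCreateRole` and `firstDisallowedRune` are hypothetical names, the struct is a local stand-in for the SDK type, and the sample request in `main` is constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// CreateRoleParams is a local stand-in (an assumption of this example) for the
// CreateRoleInput fields checked below, so the code runs without the SDK.
// Zero values mean "not set".
type CreateRoleParams struct {
	AssumeRolePolicyDocument string
	MaxSessionDuration       int64
	Path                     string
	RoleName                 string
}

var (
	// Upper and lowercase alphanumerics plus _+=,.@- and no spaces.
	roleNameRe = regexp.MustCompile(`^[A-Za-z0-9_+=,.@-]+$`)
	// Either "/" by itself, or "/.../" built from \u0021 through \u007F.
	pathRe = regexp.MustCompile(`^(/|/[\x21-\x7F]+/)$`)
)

const (
	minSessionSeconds = 3600      // 1 hour, the documented minimum
	maxSessionSeconds = 12 * 3600 // 12 hours, the documented maximum
)

// firstDisallowedRune returns the byte offset and value of the first rune
// outside the documented policy-document set: tab, LF, CR, \u0020-\u00FF.
// Invalid UTF-8 decodes to U+FFFD and is therefore reported as well.
func firstDisallowedRune(doc string) (int, rune, bool) {
	for i, r := range doc {
		if r == '\t' || r == '\n' || r == '\r' || (r >= 0x20 && r <= 0xFF) {
			continue
		}
		return i, r, true
	}
	return 0, 0, false
}

// ValidateCreateRole returns one message per documented constraint that p
// breaks. existing holds the role names already present in the account.
func ValidateCreateRole(p CreateRoleParams, existing []string) []string {
	var problems []string
	if !roleNameRe.MatchString(p.RoleName) {
		problems = append(problems,
			fmt.Sprintf("RoleName %q: only alphanumerics and _+=,.@- are allowed", p.RoleName))
	}
	for _, name := range existing {
		// Role names are not distinguished by case, so compare case-insensitively.
		if strings.EqualFold(name, p.RoleName) {
			problems = append(problems,
				fmt.Sprintf("RoleName %q collides with existing role %q", p.RoleName, name))
			break
		}
	}
	if p.Path != "" && !pathRe.MatchString(p.Path) {
		problems = append(problems,
			fmt.Sprintf("Path %q: must be \"/\" or begin and end with \"/\"", p.Path))
	}
	if p.MaxSessionDuration != 0 &&
		(p.MaxSessionDuration < minSessionSeconds || p.MaxSessionDuration > maxSessionSeconds) {
		problems = append(problems,
			fmt.Sprintf("MaxSessionDuration %d: must be between %d and %d seconds",
				p.MaxSessionDuration, minSessionSeconds, maxSessionSeconds))
	}
	if p.AssumeRolePolicyDocument == "" {
		problems = append(problems, "AssumeRolePolicyDocument is required")
	} else if off, r, bad := firstDisallowedRune(p.AssumeRolePolicyDocument); bad {
		problems = append(problems,
			fmt.Sprintf("AssumeRolePolicyDocument: %U at byte %d is outside the allowed set", r, off))
	}
	return problems
}

func main() {
	// Constructed request: curly quotes in the trust policy, a path without a
	// leading slash, a 24-hour session cap, and a name that clashes by case.
	req := CreateRoleParams{
		AssumeRolePolicyDocument: "{\u201cVersion\u201d: \u201c2012-10-17\u201d}",
		MaxSessionDuration:       86400,
		Path:                     "ci/",
		RoleName:                 "prodrole",
	}
	for _, p := range ValidateCreateRole(req, []string{"PRODROLE"}) {
		fmt.Println(p)
	}
}
```
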

type CreateRoleOutput struct {
    // A structure containing details about the new role.
    //
    // Role is a required field
    Role *Role `type:"structure" required:"true"`
    // contains filtered or unexported fields
}

type CreateSAMLProviderInput struct {
    // The name of the provider to create.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // Name is a required field
    Name *string `min:"1" type:"string" required:"true"`

    // An XML document generated by an identity provider (IdP) that supports SAML
    // 2.0. The document includes the issuer's name, expiration information, and
    // keys that can be used to validate the SAML authentication response (assertions)
    // that are received from the IdP. You must generate the metadata document using
    // the identity management software that is used as your organization's IdP.
    //
    // For more information, see About SAML 2.0-based Federation (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
    // in the IAM User Guide.
    //
    // SAMLMetadataDocument is a required field
    SAMLMetadataDocument *string `min:"1000" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type CreateServiceLinkedRoleInput struct {
    // The AWS service to which this role is attached. You use a string similar
    // to a URL but without the http:// in front. For example: elasticbeanstalk.amazonaws.com
    //
    // AWSServiceName is a required field
    AWSServiceName *string `min:"1" type:"string" required:"true"`

    // A string that you provide, which is combined with the service name to form
    // the complete role name. If you make multiple requests for the same service,
    // then you must supply a different CustomSuffix for each request. Otherwise
    // the request fails with a duplicate role name error. For example, you could
    // add -1 or -debug to the suffix.
    CustomSuffix *string `min:"1" type:"string"`

    // The description of the role.
    Description *string `type:"string"`
    // contains filtered or unexported fields
}

type CreateServiceSpecificCredentialInput struct {
    // The name of the AWS service that is to be associated with the credentials.
    // The service you specify here is the only service that can be accessed using
    // these credentials.
    //
    // ServiceName is a required field
    ServiceName *string `type:"string" required:"true"`

    // The name of the IAM user that is to be associated with the credentials. The
    // new service-specific credentials have the same permissions as the associated
    // user except that they can be used only to access the specified service.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // UserName is a required field
    UserName *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type CreateServiceSpecificCredentialOutput struct {
    // A structure that contains information about the newly created service-specific
    // credential.
    //
    // This is the only time that the password for this credential set is available.
    // It cannot be recovered later. Instead, you will have to reset the password
    // with ResetServiceSpecificCredential.
    ServiceSpecificCredential *ServiceSpecificCredential `type:"structure"`
    // contains filtered or unexported fields
}

type CreateUserInput struct {
    // The path for the user name. For more information about paths, see IAM Identifiers
    // (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
    // in the IAM User Guide.
    //
    // This parameter is optional. If it is not included, it defaults to a slash
    // (/).
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of either a forward slash (/) by itself
    // or a string that must begin and end with forward slashes. In addition, it
    // can contain any ASCII character from the ! (\u0021) through the DEL character
    // (\u007F), including most punctuation characters, digits, and upper and lowercased
    // letters.
    Path *string `min:"1" type:"string"`

    // The ARN of the policy that is used to set the permissions boundary for the
    // user.
    PermissionsBoundary *string `min:"20" type:"string"`

    // The name of the user to create.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-.
    // User names are not distinguished by case. For example, you cannot create
    // users named both "TESTUSER" and "testuser".
    //
    // UserName is a required field
    UserName *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type CreateVirtualMFADeviceInput struct {
    // The path for the virtual MFA device. For more information about paths, see
    // IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
    // in the IAM User Guide.
    //
    // This parameter is optional. If it is not included, it defaults to a slash
    // (/).
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of either a forward slash (/) by itself
    // or a string that must begin and end with forward slashes. In addition, it
    // can contain any ASCII character from the ! (\u0021) through the DEL character
    // (\u007F), including most punctuation characters, digits, and upper and lowercased
    // letters.
    Path *string `min:"1" type:"string"`

    // The name of the virtual MFA device. Use with path to uniquely identify a
    // virtual MFA device.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // VirtualMFADeviceName is a required field
    VirtualMFADeviceName *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DeactivateMFADeviceInput struct {
    // The serial number that uniquely identifies the MFA device. For virtual MFA
    // devices, the serial number is the device ARN.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: =,.@:/-
    //
    // SerialNumber is a required field
    SerialNumber *string `min:"9" type:"string" required:"true"`

    // The name of the user whose MFA device you want to deactivate.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // UserName is a required field
    UserName *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DeleteAccessKeyInput struct {
    // The access key ID for the access key ID and secret access key you want to
    // delete.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters that can consist of any upper or lowercased letter
    // or digit.
    //
    // AccessKeyId is a required field
    AccessKeyId *string `min:"16" type:"string" required:"true"`

    // The name of the user whose access key pair you want to delete.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    UserName *string `min:"1" type:"string"`
    // contains filtered or unexported fields
}

type DeleteAccountAliasInput struct {
    // The name of the account alias to delete.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of lowercase letters, digits, and dashes.
    // You cannot start or finish with a dash, nor can you have two dashes in a
    // row.
    //
    // AccountAlias is a required field
    AccountAlias *string `min:"3" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DeleteGroupInput struct {
    // The name of the IAM group to delete.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // GroupName is a required field
    GroupName *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DeleteGroupPolicyInput struct {
    // The name (friendly name, not ARN) identifying the group that the policy is
    // embedded in.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // GroupName is a required field
    GroupName *string `min:"1" type:"string" required:"true"`

    // The name identifying the policy document to delete.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // PolicyName is a required field
    PolicyName *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DeleteInstanceProfileInput struct {
    // The name of the instance profile to delete.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // InstanceProfileName is a required field
    InstanceProfileName *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DeleteLoginProfileInput struct {
    // The name of the user whose password you want to delete.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // UserName is a required field
    UserName *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DeleteOpenIDConnectProviderInput struct {
    // The Amazon Resource Name (ARN) of the IAM OpenID Connect provider resource
    // object to delete. You can get a list of OpenID Connect provider resource
    // ARNs by using the ListOpenIDConnectProviders operation.
    //
    // OpenIDConnectProviderArn is a required field
    OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DeletePolicyInput struct {
    // The Amazon Resource Name (ARN) of the IAM policy you want to delete.
    //
    // For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
    // Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
    // in the AWS General Reference.
    //
    // PolicyArn is a required field
    PolicyArn *string `min:"20" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DeletePolicyVersionInput struct {
    // The Amazon Resource Name (ARN) of the IAM policy from which you want to delete
    // a version.
    //
    // For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
    // Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
    // in the AWS General Reference.
    //
    // PolicyArn is a required field
    PolicyArn *string `min:"20" type:"string" required:"true"`

    // The policy version to delete.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters that consists of the lowercase letter 'v' followed
    // by one or two digits, and optionally followed by a period '.' and a string
    // of letters and digits.
    //
    // For more information about managed policy versions, see Versioning for Managed
    // Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
    // in the IAM User Guide.
    //
    // VersionId is a required field
    VersionId *string `type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DeleteRoleInput struct {
    // The name of the role to delete.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // RoleName is a required field
    RoleName *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DeleteRolePermissionsBoundaryInput struct {
    // The name (friendly name, not ARN) of the IAM role from which you want to
    // remove the permissions boundary.
    //
    // RoleName is a required field
    RoleName *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DeleteRolePolicyInput struct {
    // The name of the inline policy to delete from the specified IAM role.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // PolicyName is a required field
    PolicyName *string `min:"1" type:"string" required:"true"`

    // The name (friendly name, not ARN) identifying the role that the policy is
    // embedded in.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // RoleName is a required field
    RoleName *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DeleteSSHPublicKeyInput struct {
    // The unique identifier for the SSH public key.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters that can consist of any upper or lowercased letter
    // or digit.
    //
    // SSHPublicKeyId is a required field
    SSHPublicKeyId *string `min:"20" type:"string" required:"true"`

    // The name of the IAM user associated with the SSH public key.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // UserName is a required field
    UserName *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DeleteServerCertificateInput struct {
    // The name of the server certificate you want to delete.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // ServerCertificateName is a required field
    ServerCertificateName *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DeleteServiceLinkedRoleInput struct {
    // The name of the service-linked role to be deleted.
    //
    // RoleName is a required field
    RoleName *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DeleteServiceLinkedRoleOutput struct {
    // The deletion task identifier that you can use to check the status of the
    // deletion. This identifier is returned in the format task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>.
    //
    // DeletionTaskId is a required field
    DeletionTaskId *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DeleteServiceSpecificCredentialInput struct {
    // The unique identifier of the service-specific credential. You can get this
    // value by calling ListServiceSpecificCredentials.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters that can consist of any upper or lowercased letter
    // or digit.
    //
    // ServiceSpecificCredentialId is a required field
    ServiceSpecificCredentialId *string `min:"20" type:"string" required:"true"`

    // The name of the IAM user associated with the service-specific credential.
    // If this value is not specified, then the operation assumes the user whose
    // credentials are used to call the operation.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    UserName *string `min:"1" type:"string"`
    // contains filtered or unexported fields
}

type DeleteSigningCertificateInput struct {
    // The ID of the signing certificate to delete.
    //
    // The format of this parameter, as described by its regex (http://wikipedia.org/wiki/regex)
    // pattern, is a string of characters that can be upper- or lower-cased letters
    // or digits.
    //
    // CertificateId is a required field
    CertificateId *string `min:"24" type:"string" required:"true"`

    // The name of the user the signing certificate belongs to.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    UserName *string `min:"1" type:"string"`
    // contains filtered or unexported fields
}

type DeleteUserInput struct {
    // The name of the user to delete.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // UserName is a required field
    UserName *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DeleteUserPolicyInput struct {
    // The name identifying the policy document to delete.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // PolicyName is a required field
    PolicyName *string `min:"1" type:"string" required:"true"`

    // The name (friendly name, not ARN) identifying the user that the policy is
    // embedded in.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // UserName is a required field
    UserName *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DeleteVirtualMFADeviceInput struct {
    // The serial number that uniquely identifies the MFA device. For virtual MFA
    // devices, the serial number is the same as the ARN.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: =,.@:/-
    //
    // SerialNumber is a required field
    SerialNumber *string `min:"9" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DeletionTaskFailureReasonType struct {
    // A short description of the reason that the service-linked role deletion failed.
    Reason *string `type:"string"`

    // A list of objects that contains details about the service-linked role deletion
    // failure, if that information is returned by the service. If the service-linked
    // role has active sessions or if any resources that were used by the role have
    // not been deleted from the linked service, the role can't be deleted. This
    // parameter includes a list of the resources that are associated with the role
    // and the region in which the resources are being used.
    RoleUsageList []*RoleUsageType `type:"list"`
    // contains filtered or unexported fields
}

The reason that the service-linked role deletion failed.

This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus
operation.

type DetachGroupPolicyInput struct {
    // The name (friendly name, not ARN) of the IAM group to detach the policy from.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // GroupName is a required field
    GroupName *string `min:"1" type:"string" required:"true"`

    // The Amazon Resource Name (ARN) of the IAM policy you want to detach.
    //
    // For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
    // Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
    // in the AWS General Reference.
    //
    // PolicyArn is a required field
    PolicyArn *string `min:"20" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DetachRolePolicyInput struct {
    // The Amazon Resource Name (ARN) of the IAM policy you want to detach.
    //
    // For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
    // Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
    // in the AWS General Reference.
    //
    // PolicyArn is a required field
    PolicyArn *string `min:"20" type:"string" required:"true"`

    // The name (friendly name, not ARN) of the IAM role to detach the policy from.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // RoleName is a required field
    RoleName *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type DetachUserPolicyInput struct {
    // The Amazon Resource Name (ARN) of the IAM policy you want to detach.
    //
    // For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
    // Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
    // in the AWS General Reference.
    //
    // PolicyArn is a required field
    PolicyArn *string `min:"20" type:"string" required:"true"`

    // The name (friendly name, not ARN) of the IAM user to detach the policy from.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // UserName is a required field
    UserName *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type EnableMFADeviceInput struct {
    // An authentication code emitted by the device.
    //
    // The format for this parameter is a string of six digits.
    //
    // Submit your request immediately after generating the authentication codes.
    // If you generate the codes and then wait too long to submit the request, the
    // MFA device successfully associates with the user but the MFA device becomes
    // out of sync. This happens because time-based one-time passwords (TOTP) expire
    // after a short period of time. If this happens, you can resync the device
    // (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html).
    //
    // AuthenticationCode1 is a required field
    AuthenticationCode1 *string `min:"6" type:"string" required:"true"`

    // A subsequent authentication code emitted by the device.
    //
    // The format for this parameter is a string of six digits.
    //
    // Submit your request immediately after generating the authentication codes.
    // If you generate the codes and then wait too long to submit the request, the
    // MFA device successfully associates with the user but the MFA device becomes
    // out of sync. This happens because time-based one-time passwords (TOTP) expire
    // after a short period of time. If this happens, you can resync the device
    // (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html).
    //
    // AuthenticationCode2 is a required field
    AuthenticationCode2 *string `min:"6" type:"string" required:"true"`

    // The serial number that uniquely identifies the MFA device. For virtual MFA
    // devices, the serial number is the device ARN.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: =,.@:/-
    //
    // SerialNumber is a required field
    SerialNumber *string `min:"9" type:"string" required:"true"`

    // The name of the IAM user for whom you want to enable the MFA device.
    //
    // This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
    // a string of characters consisting of upper and lowercase alphanumeric characters
    // with no spaces. You can also include any of the following characters: _+=,.@-
    //
    // UserName is a required field
    UserName *string `min:"1" type:"string" required:"true"`
    // contains filtered or unexported fields
}

type EvaluationResult struct {
    // The name of the API operation tested on the indicated resource.
    //
    // EvalActionName is a required field
    EvalActionName *string `min:"3" type:"string" required:"true"`

    // The result of the simulation.
    //
    // EvalDecision is a required field
    EvalDecision *string `type:"string" required:"true" enum:"PolicyEvaluationDecisionType"`

    // Additional details about the results of the evaluation decision. When there
    // are both IAM policies and resource policies, this parameter explains how
    // each set of policies contributes to the final evaluation decision. When simulating
    // cross-account access to a resource, both the resource-based policy and the
    // caller's IAM policy must grant access. See How IAM Roles Differ from Resource-based
    // Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_compare-resource-policies.html)
    EvalDecisionDetails map[string]*string `type:"map"`

    // The ARN of the resource that the indicated API operation was tested on.
    EvalResourceName *string `min:"1" type:"string"`

    // A list of the statements in the input policies that determine the result
    // for this scenario. Remember that even if multiple statements allow the operation
    // on the resource, if only one statement denies that operation, then the explicit
    // deny overrides any allow, and the deny statement is the only entry included
    // in the result.
    MatchedStatements []*Statement `type:"list"`

    // A list of context keys that are required by the included input policies but
    // that were not provided by one of the input parameters. This list is used
    // when the resource in a simulation is "*", either explicitly, or when the
    // ResourceArns parameter is blank. If you include a list of resources, then any
    // missing context values are instead included under the ResourceSpecificResults
    // section. To discover the context keys used by a set of policies, you can
    // call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
    MissingContextValues []*string `type:"list"`

    // A structure that details how AWS Organizations and its service control policies
    // affect the results of the simulation. Only applies if the simulated user's
    // account is part of an organization.
    OrganizationsDecisionDetail *OrganizationsDecisionDetail `type:"structure"`

    // The individual results of the simulation of the API operation specified in
    // EvalActionName on each resource.
    ResourceSpecificResults []*ResourceSpecificResult `type:"list"`
    // contains filtered or unexported fields
}

Contains the results of a simulation.

This data type is used by the return parameter of SimulateCustomPolicy and
SimulatePrincipalPolicy.

type GetAccessKeyLastUsedInput struct {
// The identifier of an access key.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters that can consist of any upper or lowercased letter
// or digit.
//
// AccessKeyId is a required field
AccessKeyId *string `min:"16" type:"string" required:"true"`
// contains filtered or unexported fields
}

type GetAccountAuthorizationDetailsInput struct {
// A list of entity types used to filter the results. Only the entities that
// match the types you specify are included in the output. Use the value LocalManagedPolicy
// to include customer managed policies.
//
// The format for this parameter is a comma-separated (if more than one) list
// of strings. Each string value in the list must be one of the valid values
// listed below.
Filter []*string `type:"list"`
// Use this parameter only when paginating results and only after you receive
// a response indicating that the results are truncated. Set it to the value
// of the Marker element in the response that you received to indicate where
// the next call should start.
Marker *string `min:"1" type:"string"`
// (Optional) Use this only when paginating results to indicate the maximum
// number of items you want in the response. If additional items exist beyond
// the maximum you specify, the IsTruncated response element is true.
//
// If you do not include this parameter, it defaults to 100. Note that IAM might
// return fewer results, even when there are more results available. In that
// case, the IsTruncated response element returns true and Marker contains a
// value to include in the subsequent call that tells the service where to continue
// from.
MaxItems *int64 `min:"1" type:"integer"`
// contains filtered or unexported fields
}

type GetAccountAuthorizationDetailsOutput struct {
// A list containing information about IAM groups.
GroupDetailList []*GroupDetail `type:"list"`
// A flag that indicates whether there are more items to return. If your results
// were truncated, you can make a subsequent pagination request using the Marker
// request parameter to retrieve more items. Note that IAM might return fewer
// than the MaxItems number of results even when there are more results available.
// We recommend that you check IsTruncated after every call to ensure that you
// receive all of your results.
IsTruncated *bool `type:"boolean"`
// When IsTruncated is true, this element is present and contains the value
// to use for the Marker parameter in a subsequent pagination request.
Marker *string `min:"1" type:"string"`
// A list containing information about managed policies.
Policies []*ManagedPolicyDetail `type:"list"`
// A list containing information about IAM roles.
RoleDetailList []*RoleDetail `type:"list"`
// A list containing information about IAM users.
UserDetailList []*UserDetail `type:"list"`
// contains filtered or unexported fields
}

Contains the response to a successful GetAccountAuthorizationDetails request.
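
The Marker and IsTruncated contract described in the comments above, as an added example that is not SDK code: it contrasts a loop driven by IsTruncated with one that stops at the first short page, which silently drops entities from an authorization audit. The `page` and `fetchFunc` types are local stand-ins for the output struct and the API call, and the three pages are constructed data so the example runs offline.

```go
package main

import (
	"errors"
	"fmt"
)

// page is a local stand-in for GetAccountAuthorizationDetailsOutput: only the
// pagination fields and one result list are modelled (not the SDK type).
type page struct {
	UserNames   []string // stands in for UserDetailList
	IsTruncated bool
	Marker      string
}

// fetchFunc stands in for one API call. It receives the Marker taken from the
// previous response ("" on the first call) and returns the next page.
type fetchFunc func(marker string) (page, error)

// maxPages bounds the loop so a misbehaving backend cannot make it spin forever.
const maxPages = 1000

// collectAll follows Marker until IsTruncated is false. The number of items in
// a page is never used as a stop signal, because a page can be short while
// more results remain.
func collectAll(fetch fetchFunc) ([]string, error) {
	var all []string
	seen := map[string]bool{}
	marker := ""
	for i := 0; i < maxPages; i++ {
		p, err := fetch(marker)
		if err != nil {
			return nil, fmt.Errorf("page %d: %w", i, err)
		}
		all = append(all, p.UserNames...)
		if !p.IsTruncated {
			return all, nil
		}
		if p.Marker == "" {
			return nil, errors.New("truncated response carried no Marker")
		}
		if seen[p.Marker] {
			return nil, fmt.Errorf("marker %q repeated", p.Marker)
		}
		seen[p.Marker] = true
		marker = p.Marker
	}
	return nil, errors.New("page limit reached while IsTruncated was still true")
}

// collectUntilShortPage is the flawed pattern: it stops as soon as a page holds
// fewer than maxItems entries and ignores IsTruncated.
func collectUntilShortPage(fetch fetchFunc, maxItems int) ([]string, error) {
	var all []string
	marker := ""
	for i := 0; i < maxPages; i++ {
		p, err := fetch(marker)
		if err != nil {
			return nil, err
		}
		all = append(all, p.UserNames...)
		if len(p.UserNames) < maxItems {
			return all, nil
		}
		marker = p.Marker
	}
	return all, nil
}

// constructedBackend serves three constructed pages keyed by marker. The first
// two are short (the second is empty, the extreme case) yet still truncated.
func constructedBackend() fetchFunc {
	pages := map[string]page{
		"":   {UserNames: []string{"alice", "bob"}, IsTruncated: true, Marker: "m1"},
		"m1": {IsTruncated: true, Marker: "m2"},
		"m2": {UserNames: []string{"carol"}},
	}
	return func(marker string) (page, error) {
		p, ok := pages[marker]
		if !ok {
			return page{}, fmt.Errorf("unknown marker %q", marker)
		}
		return p, nil
	}
}

func main() {
	full, err := collectAll(constructedBackend())
	fmt.Println("IsTruncated loop:", full, err)
	short, err := collectUntilShortPage(constructedBackend(), 100)
	fmt.Println("short-page loop:", short, err)
}
```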

type GetContextKeysForCustomPolicyInput struct {
// A list of policies for which you want the list of context keys referenced
// in those policies. Each document is specified as a string containing the
// complete, valid JSON text of an IAM policy.
//
// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
// parameter is a string of characters consisting of the following:
//
// * Any printable ASCII character ranging from the space character (\u0020)
// through the end of the ASCII character range
//
// * The printable characters in the Basic Latin and Latin-1 Supplement character
// set (through \u00FF)
//
// * The special characters tab (\u0009), line feed (\u000A), and carriage
// return (\u000D)
//
// PolicyInputList is a required field
PolicyInputList []*string `type:"list" required:"true"`
// contains filtered or unexported fields
}

type GetContextKeysForPrincipalPolicyInput struct {
// An optional list of additional policies for which you want the list of context
// keys that are referenced.
//
// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
// parameter is a string of characters consisting of the following:
//
// * Any printable ASCII character ranging from the space character (\u0020)
// through the end of the ASCII character range
//
// * The printable characters in the Basic Latin and Latin-1 Supplement character
// set (through \u00FF)
//
// * The special characters tab (\u0009), line feed (\u000A), and carriage
// return (\u000D)
PolicyInputList []*string `type:"list"`
// The ARN of a user, group, or role whose policies contain the context keys
// that you want listed. If you specify a user, the list includes context keys
// that are found in all policies that are attached to the user. The list also
// includes all groups that the user is a member of. If you pick a group or
// a role, then it includes only those context keys that are found in policies
// attached to that entity. Note that all parameters are shown in unencoded
// form here for clarity, but must be URL encoded to be included as a part of
// a real HTTP request.
//
// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
//
// PolicySourceArn is a required field
PolicySourceArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}

type GetGroupInput struct {
// The name of the group.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// GroupName is a required field
GroupName *string `min:"1" type:"string" required:"true"`
// Use this parameter only when paginating results and only after you receive
// a response indicating that the results are truncated. Set it to the value
// of the Marker element in the response that you received to indicate where
// the next call should start.
Marker *string `min:"1" type:"string"`
// (Optional) Use this only when paginating results to indicate the maximum
// number of items you want in the response. If additional items exist beyond
// the maximum you specify, the IsTruncated response element is true.
//
// If you do not include this parameter, it defaults to 100. Note that IAM might
// return fewer results, even when there are more results available. In that
// case, the IsTruncated response element returns true and Marker contains a
// value to include in the subsequent call that tells the service where to continue
// from.
MaxItems *int64 `min:"1" type:"integer"`
// contains filtered or unexported fields
}

type GetGroupOutput struct {
// A structure that contains details about the group.
//
// Group is a required field
Group *Group `type:"structure" required:"true"`
// A flag that indicates whether there are more items to return. If your results
// were truncated, you can make a subsequent pagination request using the Marker
// request parameter to retrieve more items. Note that IAM might return fewer
// than the MaxItems number of results even when there are more results available.
// We recommend that you check IsTruncated after every call to ensure that you
// receive all of your results.
IsTruncated *bool `type:"boolean"`
// When IsTruncated is true, this element is present and contains the value
// to use for the Marker parameter in a subsequent pagination request.
Marker *string `min:"1" type:"string"`
// A list of users in the group.
//
// Users is a required field
Users []*User `type:"list" required:"true"`
// contains filtered or unexported fields
}

type GetGroupPolicyInput struct {
// The name of the group the policy is associated with.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// GroupName is a required field
GroupName *string `min:"1" type:"string" required:"true"`
// The name of the policy document to get.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// PolicyName is a required field
PolicyName *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}

type GetGroupPolicyOutput struct {
// The group the policy is associated with.
//
// GroupName is a required field
GroupName *string `min:"1" type:"string" required:"true"`
// The policy document.
//
// PolicyDocument is a required field
PolicyDocument *string `min:"1" type:"string" required:"true"`
// The name of the policy.
//
// PolicyName is a required field
PolicyName *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}

type GetInstanceProfileInput struct {
// The name of the instance profile to get information about.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// InstanceProfileName is a required field
InstanceProfileName *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}

type GetLoginProfileInput struct {
// The name of the user whose login profile you want to retrieve.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// UserName is a required field
UserName *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}

type GetOpenIDConnectProviderInput struct {
// The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM
// to get information for. You can get a list of OIDC provider resource ARNs
// by using the ListOpenIDConnectProviders operation.
//
// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
//
// OpenIDConnectProviderArn is a required field
OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}

type GetPolicyInput struct {
// The Amazon Resource Name (ARN) of the managed policy that you want information
// about.
//
// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
//
// PolicyArn is a required field
PolicyArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}

type GetPolicyVersionInput struct {
// The Amazon Resource Name (ARN) of the managed policy that you want information
// about.
//
// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
//
// PolicyArn is a required field
PolicyArn *string `min:"20" type:"string" required:"true"`
// Identifies the policy version to retrieve.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters that consists of the lowercase letter 'v' followed
// by one or two digits, and optionally followed by a period '.' and a string
// of letters and digits.
//
// VersionId is a required field
VersionId *string `type:"string" required:"true"`
// contains filtered or unexported fields
}

type GetRoleInput struct {
// The name of the IAM role to get information about.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// RoleName is a required field
RoleName *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}

type GetRolePolicyInput struct {
// The name of the policy document to get.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// PolicyName is a required field
PolicyName *string `min:"1" type:"string" required:"true"`
// The name of the role associated with the policy.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// RoleName is a required field
RoleName *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}

type GetRolePolicyOutput struct {
// The policy document.
//
// PolicyDocument is a required field
PolicyDocument *string `min:"1" type:"string" required:"true"`
// The name of the policy.
//
// PolicyName is a required field
PolicyName *string `min:"1" type:"string" required:"true"`
// The role the policy is associated with.
//
// RoleName is a required field
RoleName *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}

type GetSAMLProviderInput struct {
// The Amazon Resource Name (ARN) of the SAML provider resource object in IAM
// to get information about.
//
// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
//
// SAMLProviderArn is a required field
SAMLProviderArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}

type GetSSHPublicKeyInput struct {
// Specifies the public key encoding format to use in the response. To retrieve
// the public key in ssh-rsa format, use SSH. To retrieve the public key in
// PEM format, use PEM.
//
// Encoding is a required field
Encoding *string `type:"string" required:"true" enum:"encodingType"`
// The unique identifier for the SSH public key.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters that can consist of any upper or lowercased letter
// or digit.
//
// SSHPublicKeyId is a required field
SSHPublicKeyId *string `min:"20" type:"string" required:"true"`
// The name of the IAM user associated with the SSH public key.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// UserName is a required field
UserName *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}

type GetServerCertificateInput struct {
// The name of the server certificate you want to retrieve information about.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// ServerCertificateName is a required field
ServerCertificateName *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}

type GetUserInput struct {
// The name of the user to get information about.
//
// This parameter is optional. If it is not included, it defaults to the user
// making the request. This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
UserName *string `min:"1" type:"string"`
// contains filtered or unexported fields
}

type GetUserOutput struct {
// A structure containing details about the IAM user.
//
// Due to a service issue, password last used data does not include password
// use from May 3rd 2018 22:50 PDT to May 23rd 2018 14:08 PDT. This affects
// last sign-in (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html)
// dates shown in the IAM console and password last used dates in the IAM credential
// report (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html),
// and returned by this GetUser API. If users signed in during the affected
// time, the password last used date that is returned is the date the user last
// signed in before May 3rd 2018. For users that signed in after May 23rd 2018
// 14:08 PDT, the returned password last used date is accurate.
//
// If you use password last used information to identify unused credentials
// for deletion, such as deleting users who did not sign in to AWS in the last
// 90 days, we recommend that you adjust your evaluation window to include dates
// after May 23rd 2018. Alternatively, if your users use access keys to access
// AWS programmatically you can refer to access key last used information because
// it is accurate for all dates.
//
// User is a required field
User *User `type:"structure" required:"true"`
// contains filtered or unexported fields
}
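
The evaluation-window adjustment described in the GetUserOutput comment, as an added example that is not SDK code: it classifies a user as active, unused or indeterminate, and refuses to call a credential unused on password data alone when the window reaches back into the unrecorded period. The `activity` type, the three verdicts, and treating a missing password date like a pre-gap date are assumptions of this example.

```go
package main

import (
	"fmt"
	"time"
)

// PDT is UTC-7; the documentation states both bounds in PDT.
var pdt = time.FixedZone("PDT", -7*60*60)

// Bounds of the period in which password use was not recorded, copied from
// the GetUserOutput documentation.
var (
	gapStart = time.Date(2018, time.May, 3, 22, 50, 0, 0, pdt)
	gapEnd   = time.Date(2018, time.May, 23, 14, 8, 0, 0, pdt)
)

type verdict string

const (
	active        verdict = "active"
	unused        verdict = "unused"
	indeterminate verdict = "indeterminate" // password data cannot decide
)

// activity is a local stand-in for the two timestamps an audit collects per
// user (not an SDK type). A nil pointer means no use was ever recorded.
type activity struct {
	PasswordLastUsed  *time.Time
	AccessKeyLastUsed *time.Time
}

// classify decides whether a user showed activity in the window ending at now.
func classify(a activity, now time.Time, window time.Duration) verdict {
	cutoff := now.Add(-window)
	// Access key last used data is accurate for all dates, so check it first.
	if a.AccessKeyLastUsed != nil && !a.AccessKeyLastUsed.Before(cutoff) {
		return active
	}
	if a.PasswordLastUsed != nil && !a.PasswordLastUsed.Before(cutoff) {
		return active
	}
	// A sign-in recorded after the gap is accurate, and here it predates the cutoff.
	if a.PasswordLastUsed != nil && a.PasswordLastUsed.After(gapEnd) {
		return unused
	}
	// The window reaches back into the gap: a sign-in during that period would
	// count as activity but was never recorded. Assumption: a nil password date
	// is treated the same way as a date before the gap.
	if !cutoff.After(gapEnd) && !now.Before(gapStart) {
		return indeterminate
	}
	return unused
}

// day builds a UTC midnight timestamp for the constructed sample data.
func day(y int, m time.Month, d int) time.Time {
	return time.Date(y, m, d, 0, 0, 0, 0, time.UTC)
}

func ptr(t time.Time) *time.Time { return &t }

func main() {
	ninety := 90 * 24 * time.Hour
	// Constructed user whose last recorded sign-in predates the gap.
	march := activity{PasswordLastUsed: ptr(day(2018, time.March, 1))}
	fmt.Println(classify(march, day(2018, time.July, 1), ninety))       // indeterminate
	fmt.Println(classify(march, day(2018, time.September, 15), ninety)) // unused
}
```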

type GetUserPolicyInput struct {
// The name of the policy document to get.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// PolicyName is a required field
PolicyName *string `min:"1" type:"string" required:"true"`
// The name of the user who the policy is associated with.
//
// This parameter allows (per its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-
//
// UserName is a required field
UserName *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}

type Group struct {
// The Amazon Resource Name (ARN) specifying the group. For more information
// about ARNs and how to use them in policies, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
// in the Using IAM guide.
//
// Arn is a required field
Arn *string `min:"20" type:"string" required:"true"`
// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
// when the group was created.
//
// CreateDate is a required field
CreateDate *time.Time `type:"timestamp" required:"true"`
// The stable and unique string identifying the group. For more information
// about IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
// in the Using IAM guide.
//
// GroupId is a required field
GroupId *string `min:"16" type:"string" required:"true"`
// The friendly name that identifies the group.
//
// GroupName is a required field
GroupName *string `min:"1" type:"string" required:"true"`
// The path to the group. For more information about paths, see IAM Identifiers
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
// in the Using IAM guide.
//
// Path is a required field
Path *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}

Contains information about an IAM group entity.

This data type is used as a response element in the following operations:

type GroupDetail struct {
// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
//
// For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS
// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
Arn *string `min:"20" type:"string"`
// A list of the managed policies attached to the group.
AttachedManagedPolicies []*AttachedPolicy `type:"list"`
// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
// when the group was created.
CreateDate *time.Time `type:"timestamp"`
// The stable and unique string identifying the group. For more information
// about IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
// in the Using IAM guide.
GroupId *string `min:"16" type:"string"`
// The friendly name that identifies the group.
GroupName *string `min:"1" type:"string"`
// A list of the inline policies embedded in the group.
GroupPolicyList []*PolicyDetail `type:"list"`
// The path to the group. For more information about paths, see IAM Identifiers
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
// in the Using IAM guide.
Path *string `min:"1" type:"string"`
// contains filtered or unexported fields
}

Contains information about an IAM group, including all of the group's policies.

This data type is used as a response element in the GetAccountAuthorizationDetails
operation.

Adds a new client ID (also known as audience) to the list of client IDs already
registered for the specified IAM OpenID Connect (OIDC) provider resource.

This operation is idempotent; it does not fail or return an error if you
add an existing client ID to the provider.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation AddClientIDToOpenIDConnectProvider for usage and error information.

Returned Error Codes:

* ErrCodeInvalidInputException "InvalidInput"
The request was rejected because an invalid or out-of-range value was supplied
for an input parameter.
* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

To add a client ID (audience) to an Open-ID Connect (OIDC) provider
The following add-client-id-to-open-id-connect-provider command adds the client ID
my-application-ID to the OIDC provider named server.example.com:

AddClientIDToOpenIDConnectProviderRequest generates an "aws/request.Request" representing the
client's request for the AddClientIDToOpenIDConnectProvider operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See AddClientIDToOpenIDConnectProvider for more information on using the AddClientIDToOpenIDConnectProvider
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

AddClientIDToOpenIDConnectProviderWithContext is the same as AddClientIDToOpenIDConnectProvider with the addition of
the ability to pass a context and additional request options.

See AddClientIDToOpenIDConnectProvider for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation AddRoleToInstanceProfile for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
The request was rejected because it attempted to create a resource that already
exists.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeUnmodifiableEntityException "UnmodifiableEntity"
The request was rejected because only the service that depends on the service-linked
role can modify or delete the role on your behalf. The error message includes
the name of the service that depends on this service-linked role. You must
request the change through that service.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

AddRoleToInstanceProfileRequest generates an "aws/request.Request" representing the
client's request for the AddRoleToInstanceProfile operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See AddRoleToInstanceProfile for more information on using the AddRoleToInstanceProfile
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

AddRoleToInstanceProfileWithContext is the same as AddRoleToInstanceProfile with the addition of
the ability to pass a context and additional request options.

See AddRoleToInstanceProfile for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation AddUserToGroup for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

AddUserToGroupRequest generates an "aws/request.Request" representing the
client's request for the AddUserToGroup operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See AddUserToGroup for more information on using the AddUserToGroup
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

AddUserToGroupWithContext is the same as AddUserToGroup with the addition of
the ability to pass a context and additional request options.

See AddUserToGroup for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation AttachGroupPolicy for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeInvalidInputException "InvalidInput"
The request was rejected because an invalid or out-of-range value was supplied
for an input parameter.
* ErrCodePolicyNotAttachableException "PolicyNotAttachable"
The request failed because AWS service role policies can only be attached
to the service-linked role for that service.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

AttachGroupPolicyRequest generates an "aws/request.Request" representing the
client's request for the AttachGroupPolicy operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See AttachGroupPolicy for more information on using the AttachGroupPolicy
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

AttachGroupPolicyWithContext is the same as AttachGroupPolicy with the addition of
the ability to pass a context and additional request options.

See AttachGroupPolicy for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Attaches the specified managed policy to the specified IAM role. When you
attach a managed policy to a role, the managed policy becomes part of the
role's permission (access) policy.

You cannot use a managed policy as the role's trust policy. The role's trust
policy is created at the same time as the role, using CreateRole. You can
update a role's trust policy using UpdateAssumeRolePolicy.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation AttachRolePolicy for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeInvalidInputException "InvalidInput"
The request was rejected because an invalid or out-of-range value was supplied
for an input parameter.
* ErrCodeUnmodifiableEntityException "UnmodifiableEntity"
The request was rejected because only the service that depends on the service-linked
role can modify or delete the role on your behalf. The error message includes
the name of the service that depends on this service-linked role. You must
request the change through that service.
* ErrCodePolicyNotAttachableException "PolicyNotAttachable"
The request failed because AWS service role policies can only be attached
to the service-linked role for that service.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

AttachRolePolicyRequest generates a "aws/request.Request" representing the
client's request for the AttachRolePolicy operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See AttachRolePolicy for more information on using the AttachRolePolicy
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

AttachRolePolicyWithContext is the same as AttachRolePolicy with the addition of
the ability to pass a context and additional request options.

See AttachRolePolicy for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation AttachUserPolicy for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeInvalidInputException "InvalidInput"
The request was rejected because an invalid or out-of-range value was supplied
for an input parameter.
* ErrCodePolicyNotAttachableException "PolicyNotAttachable"
The request failed because AWS service role policies can only be attached
to the service-linked role for that service.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

AttachUserPolicyRequest generates a "aws/request.Request" representing the
client's request for the AttachUserPolicy operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See AttachUserPolicy for more information on using the AttachUserPolicy
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

AttachUserPolicyWithContext is the same as AttachUserPolicy with the addition of
the ability to pass a context and additional request options.

See AttachUserPolicy for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation ChangePassword for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeInvalidUserTypeException "InvalidUserType"
The request was rejected because the type of user for the transaction was
incorrect.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeEntityTemporarilyUnmodifiableException "EntityTemporarilyUnmodifiable"
The request was rejected because it referenced an entity that is temporarily
unmodifiable, such as a user name that was deleted and then recreated. The
error indicates that the request is likely to succeed if you try again after
waiting several minutes. The error message describes the entity.
* ErrCodePasswordPolicyViolationException "PasswordPolicyViolation"
The request was rejected because the provided password did not meet the requirements
imposed by the account password policy.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

ChangePasswordRequest generates a "aws/request.Request" representing the
client's request for the ChangePassword operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See ChangePassword for more information on using the ChangePassword
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

ChangePasswordWithContext is the same as ChangePassword with the addition of
the ability to pass a context and additional request options.

See ChangePassword for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Creates a new AWS secret access key and corresponding AWS access key ID for
the specified user. The default status for new keys is Active.

If you do not specify a user name, IAM determines the user name implicitly
based on the AWS access key ID signing the request. Because this operation
works for access keys under the AWS account, you can use this operation to
manage AWS account root user credentials. This is true even if the AWS account
has no associated users.

To ensure the security of your AWS account, the secret access key is accessible
only during key and user creation. You must save the key (for example, in
a text file) if you want to be able to access it again. If a secret key is
lost, you can delete the access keys for the associated user and then create
new keys.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation CreateAccessKey for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

CreateAccessKeyRequest generates a "aws/request.Request" representing the
client's request for the CreateAccessKey operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See CreateAccessKey for more information on using the CreateAccessKey
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

CreateAccessKeyWithContext is the same as CreateAccessKey with the addition of
the ability to pass a context and additional request options.

See CreateAccessKey for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation CreateAccountAlias for usage and error information.

Returned Error Codes:

* ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
The request was rejected because it attempted to create a resource that already
exists.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

CreateAccountAliasRequest generates a "aws/request.Request" representing the
client's request for the CreateAccountAlias operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See CreateAccountAlias for more information on using the CreateAccountAlias
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

CreateAccountAliasWithContext is the same as CreateAccountAlias with the addition of
the ability to pass a context and additional request options.

See CreateAccountAlias for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation CreateGroup for usage and error information.

Returned Error Codes:

* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
The request was rejected because it attempted to create a resource that already
exists.
* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

CreateGroupRequest generates a "aws/request.Request" representing the
client's request for the CreateGroup operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See CreateGroup for more information on using the CreateGroup
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

CreateGroupWithContext is the same as CreateGroup with the addition of
the ability to pass a context and additional request options.

See CreateGroup for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation CreateInstanceProfile for usage and error information.

Returned Error Codes:

* ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
The request was rejected because it attempted to create a resource that already
exists.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

CreateInstanceProfileRequest generates a "aws/request.Request" representing the
client's request for the CreateInstanceProfile operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See CreateInstanceProfile for more information on using the CreateInstanceProfile
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

CreateInstanceProfileWithContext is the same as CreateInstanceProfile with the addition of
the ability to pass a context and additional request options.

See CreateInstanceProfile for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation CreateLoginProfile for usage and error information.

Returned Error Codes:

* ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
The request was rejected because it attempted to create a resource that already
exists.
* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodePasswordPolicyViolationException "PasswordPolicyViolation"
The request was rejected because the provided password did not meet the requirements
imposed by the account password policy.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

CreateLoginProfileRequest generates a "aws/request.Request" representing the
client's request for the CreateLoginProfile operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See CreateLoginProfile for more information on using the CreateLoginProfile
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

CreateLoginProfileWithContext is the same as CreateLoginProfile with the addition of
the ability to pass a context and additional request options.

See CreateLoginProfile for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

The OIDC provider that you create with this operation can be used as a principal
in a role's trust policy. Such a policy establishes a trust relationship
between AWS and the OIDC provider.

When you create the IAM OIDC provider, you specify the following:

* The URL of the OIDC identity provider (IdP) to trust
* A list of client IDs (also known as audiences) that identify the application
or applications that are allowed to authenticate using the OIDC provider
* A list of thumbprints of the server certificate(s) that the IdP uses.

You get all of this information from the OIDC IdP that you want to use to
access AWS.

Because trust for the OIDC provider is derived from the IAM provider that
this operation creates, it is best to limit access to the CreateOpenIDConnectProvider
operation to highly privileged users.
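
A pre-flight check for the three inputs listed above, as an added example in Go (standard library only; not code from the SDK or from this page). The function names, the idp.example.com URL and the my-app client ID are made up for illustration. The rules enforced (https:// URL without port or query, client IDs of 1 to 255 characters, 40-character hex SHA-1 thumbprints) follow the IAM API reference rather than this page, and requiring at least one client ID and one thumbprint is a local policy choice.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// ThumbprintFromPEM parses one PEM-encoded X.509 certificate and returns the
// hex-encoded SHA-1 digest of its DER bytes (40 characters).
func ThumbprintFromPEM(pemBytes []byte) (string, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return "", errors.New("input is not a PEM CERTIFICATE block")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return "", fmt.Errorf("parse certificate: %w", err)
	}
	sum := sha1.Sum(cert.Raw)
	return hex.EncodeToString(sum[:]), nil
}

// ValidateProviderInput rejects provider URLs, client IDs and thumbprints
// that should never reach the API call. Requiring non-empty lists is a local
// policy choice of this example (assumption).
func ValidateProviderInput(rawURL string, clientIDs, thumbprints []string) error {
	u, err := url.Parse(rawURL)
	if err != nil {
		return fmt.Errorf("provider URL: %w", err)
	}
	if u.Scheme != "https" || u.Hostname() == "" {
		return errors.New("provider URL must be https:// with a host")
	}
	if u.Port() != "" || u.RawQuery != "" || u.Fragment != "" || u.User != nil {
		return errors.New("provider URL must not carry a port, query, fragment or userinfo")
	}
	if len(clientIDs) == 0 || len(thumbprints) == 0 {
		return errors.New("at least one client ID and one thumbprint are required")
	}
	for _, id := range clientIDs {
		if id == "" || len(id) > 255 {
			return fmt.Errorf("client ID %q must be 1-255 characters", id)
		}
	}
	for _, tp := range thumbprints {
		raw, err := hex.DecodeString(tp)
		if err != nil || len(raw) != sha1.Size {
			return fmt.Errorf("thumbprint %q is not a 40-character hex SHA-1 digest", tp)
		}
	}
	return nil
}

// constructedCertPEM builds a throwaway self-signed certificate so the example
// runs offline; it stands in for the certificate the real IdP serves.
func constructedCertPEM() ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "idp.example.com"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		DNSNames:     []string{"idp.example.com"},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	certPEM, err := constructedCertPEM()
	if err != nil {
		panic(err)
	}
	tp, err := ThumbprintFromPEM(certPEM)
	if err != nil {
		panic(err)
	}
	fmt.Println("thumbprint:", tp)
	fmt.Println("accepted:", ValidateProviderInput("https://idp.example.com", []string{"my-app"}, []string{tp}))
	fmt.Println("rejected:", ValidateProviderInput("http://idp.example.com:8080", []string{"my-app"}, []string{tp}))
}
```

Compare the computed thumbprint against the value published by the IdP through a separate channel before registering it, since the provider entry becomes the root of trust for every role that names it.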

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation CreateOpenIDConnectProvider for usage and error information.

Returned Error Codes:

* ErrCodeInvalidInputException "InvalidInput"
The request was rejected because an invalid or out-of-range value was supplied
for an input parameter.
* ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
The request was rejected because it attempted to create a resource that already
exists.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

CreateOpenIDConnectProviderRequest generates a "aws/request.Request" representing the
client's request for the CreateOpenIDConnectProvider operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See CreateOpenIDConnectProvider for more information on using the CreateOpenIDConnectProvider
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

CreateOpenIDConnectProviderWithContext is the same as CreateOpenIDConnectProvider with the addition of
the ability to pass a context and additional request options.

See CreateOpenIDConnectProvider for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation CreatePolicy for usage and error information.

Returned Error Codes:

* ErrCodeInvalidInputException "InvalidInput"
The request was rejected because an invalid or out-of-range value was supplied
for an input parameter.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
The request was rejected because it attempted to create a resource that already
exists.
* ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
The request was rejected because the policy document was malformed. The error
message describes the specific error.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

CreatePolicyRequest generates a "aws/request.Request" representing the
client's request for the CreatePolicy operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See CreatePolicy for more information on using the CreatePolicy
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

Creates a new version of the specified managed policy. To update a managed
policy, you create a new policy version. A managed policy can have up to
five versions. If the policy has five versions, you must delete an existing
version using DeletePolicyVersion before you create a new version.

Optionally, you can set the new version as the policy's default version.
The default version is the version that is in effect for the IAM users, groups,
and roles to which the policy is attached.
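
The five-version limit described above means a caller has to pick a version to remove before creating a new one. The following added example in Go (standard library only; not code from the SDK) chooses the oldest non-default version, relying on the IAM rule that the default version cannot be removed with DeletePolicyVersion. The PolicyVersion struct, the function names and the sample versions are hypothetical stand-ins built for this example.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"time"
)

// MaxPolicyVersions is the per-policy version limit stated in the text above.
const MaxPolicyVersions = 5

// PolicyVersion is a local stand-in for one listed version of a managed
// policy (hypothetical type for this example, not the SDK's struct).
type PolicyVersion struct {
	VersionID string
	IsDefault bool
	Created   time.Time
}

// ErrNoCandidate is returned when the list is full but every entry is marked
// default, which indicates a malformed listing.
var ErrNoCandidate = errors.New("no non-default version available to delete")

// VersionToDelete returns the ID of the version to delete before a new one
// can be created, or "" when the policy still has room. The default version
// is never chosen because it is the one in effect for attached principals.
func VersionToDelete(versions []PolicyVersion) (string, error) {
	if len(versions) < MaxPolicyVersions {
		return "", nil
	}
	var candidates []PolicyVersion
	for _, v := range versions {
		if !v.IsDefault {
			candidates = append(candidates, v)
		}
	}
	if len(candidates) == 0 {
		return "", ErrNoCandidate
	}
	// Oldest first, so the most recent versions stay available for rollback.
	sort.Slice(candidates, func(i, j int) bool {
		return candidates[i].Created.Before(candidates[j].Created)
	})
	return candidates[0].VersionID, nil
}

// constructedVersions builds n sample versions v1..vn (constructed data),
// created one month apart, with defaultID marked as the default version.
func constructedVersions(n int, defaultID string) []PolicyVersion {
	base := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	out := make([]PolicyVersion, 0, n)
	for i := 1; i <= n; i++ {
		id := fmt.Sprintf("v%d", i)
		out = append(out, PolicyVersion{
			VersionID: id,
			IsDefault: id == defaultID,
			Created:   base.AddDate(0, i, 0),
		})
	}
	return out
}

func main() {
	for _, def := range []string{"v5", "v1"} {
		id, err := VersionToDelete(constructedVersions(MaxPolicyVersions, def))
		fmt.Printf("default=%s delete=%q err=%v\n", def, id, err)
	}
}
```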

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation CreatePolicyVersion for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
The request was rejected because the policy document was malformed. The error
message describes the specific error.
* ErrCodeInvalidInputException "InvalidInput"
The request was rejected because an invalid or out-of-range value was supplied
for an input parameter.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

CreatePolicyVersionRequest generates a "aws/request.Request" representing the
client's request for the CreatePolicyVersion operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See CreatePolicyVersion for more information on using the CreatePolicyVersion
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

CreatePolicyVersionWithContext is the same as CreatePolicyVersion with the addition of
the ability to pass a context and additional request options.

See CreatePolicyVersion for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

CreatePolicyWithContext is the same as CreatePolicy with the addition of
the ability to pass a context and additional request options.

See CreatePolicy for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation CreateRole for usage and error information.

Returned Error Codes:

* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeInvalidInputException "InvalidInput"
The request was rejected because an invalid or out-of-range value was supplied
for an input parameter.
* ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
The request was rejected because it attempted to create a resource that already
exists.
* ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
The request was rejected because the policy document was malformed. The error
message describes the specific error.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

CreateRoleRequest generates a "aws/request.Request" representing the
client's request for the CreateRole operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See CreateRole for more information on using the CreateRole
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

CreateRoleWithContext is the same as CreateRole with the addition of
the ability to pass a context and additional request options.

See CreateRole for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

The SAML provider resource that you create with this operation can be used
as a principal in an IAM role's trust policy. Such a policy can enable federated
users who sign-in using the SAML IdP to assume the role. You can create an
IAM role that supports Web-based single sign-on (SSO) to the AWS Management
Console or one that supports API access to AWS.

When you create the SAML provider resource, you upload a SAML metadata document
that you get from your IdP. That document includes the issuer's name, expiration
information, and keys that can be used to validate the SAML authentication
response (assertions) that the IdP sends. You must generate the metadata
document using the identity management software that is used as your organization's
IdP.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation CreateSAMLProvider for usage and error information.

Returned Error Codes:

* ErrCodeInvalidInputException "InvalidInput"
The request was rejected because an invalid or out-of-range value was supplied
for an input parameter.
* ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
The request was rejected because it attempted to create a resource that already
exists.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

CreateSAMLProviderRequest generates a "aws/request.Request" representing the
client's request for the CreateSAMLProvider operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See CreateSAMLProvider for more information on using the CreateSAMLProvider
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

CreateSAMLProviderWithContext is the same as CreateSAMLProvider with the addition of
the ability to pass a context and additional request options.

See CreateSAMLProvider for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Creates an IAM role that is linked to a specific AWS service. The service
controls the attached policies and when the role can be deleted. This helps
ensure that the service is not broken by an unexpectedly changed or deleted
role, which could put your AWS resources into an unknown state. Allowing
the service to control the role helps improve service stability and proper
cleanup when a service and its role are no longer needed.

The name of the role is generated by combining the string that you specify
for the AWSServiceName parameter with the string that you specify for the
CustomSuffix parameter. The resulting name must be unique in your account
or the request fails.

To attach a policy to this service-linked role, you must make the request
using the AWS service that depends on this role.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation CreateServiceLinkedRole for usage and error information.

Returned Error Codes:

* ErrCodeInvalidInputException "InvalidInput"
The request was rejected because an invalid or out-of-range value was supplied
for an input parameter.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

CreateServiceLinkedRoleRequest generates an "aws/request.Request" representing the
client's request for the CreateServiceLinkedRole operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See CreateServiceLinkedRole for more information on using the CreateServiceLinkedRole
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

CreateServiceLinkedRoleWithContext is the same as CreateServiceLinkedRole with the addition of
the ability to pass a context and additional request options.

See CreateServiceLinkedRole for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Generates a set of credentials consisting of a user name and password that
can be used to access the service specified in the request. These credentials
are generated by IAM, and can be used only for the specified service.

You can have a maximum of two sets of service-specific credentials for each
supported service per user.

The only supported service at this time is AWS CodeCommit.

You can reset the password to a new service-generated value by calling ResetServiceSpecificCredential.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation CreateServiceSpecificCredential for usage and error information.

Returned Error Codes:

* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeServiceNotSupportedException "NotSupportedService"
The specified service does not support service-specific credentials.

CreateServiceSpecificCredentialRequest generates an "aws/request.Request" representing the
client's request for the CreateServiceSpecificCredential operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See CreateServiceSpecificCredential for more information on using the CreateServiceSpecificCredential
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

CreateServiceSpecificCredentialWithContext is the same as CreateServiceSpecificCredential with the addition of
the ability to pass a context and additional request options.

See CreateServiceSpecificCredential for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation CreateUser for usage and error information.

Returned Error Codes:

* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
The request was rejected because it attempted to create a resource that already
exists.
* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

CreateUserRequest generates an "aws/request.Request" representing the
client's request for the CreateUser operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See CreateUser for more information on using the CreateUser
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

CreateUserWithContext is the same as CreateUser with the addition of
the ability to pass a context and additional request options.

See CreateUser for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Creates a new virtual MFA device for the AWS account. After creating the
virtual MFA, use EnableMFADevice to attach the MFA device to an IAM user.
For more information about creating and working with virtual MFA devices,
go to Using a Virtual MFA Device (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html)
in the IAM User Guide.

The seed information contained in the QR code and the Base32 string should
be treated like any other secret access information, such as your AWS access
keys or your passwords. After you provision your virtual device, you should
ensure that the information is destroyed following secure procedures.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation CreateVirtualMFADevice for usage and error information.

Returned Error Codes:

* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
The request was rejected because it attempted to create a resource that already
exists.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

CreateVirtualMFADeviceRequest generates an "aws/request.Request" representing the
client's request for the CreateVirtualMFADevice operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See CreateVirtualMFADevice for more information on using the CreateVirtualMFADevice
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

CreateVirtualMFADeviceWithContext is the same as CreateVirtualMFADevice with the addition of
the ability to pass a context and additional request options.

See CreateVirtualMFADevice for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeactivateMFADevice for usage and error information.

Returned Error Codes:

* ErrCodeEntityTemporarilyUnmodifiableException "EntityTemporarilyUnmodifiable"
The request was rejected because it referenced an entity that is temporarily
unmodifiable, such as a user name that was deleted and then recreated. The
error indicates that the request is likely to succeed if you try again after
waiting several minutes. The error message describes the entity.
* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

DeactivateMFADeviceRequest generates an "aws/request.Request" representing the
client's request for the DeactivateMFADevice operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeactivateMFADevice for more information on using the DeactivateMFADevice
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeactivateMFADeviceWithContext is the same as DeactivateMFADevice with the addition of
the ability to pass a context and additional request options.

See DeactivateMFADevice for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

If you do not specify a user name, IAM determines the user name implicitly
based on the AWS access key ID signing the request. Because this operation
works for access keys under the AWS account, you can use this operation to
manage AWS account root user credentials even if the AWS account has no associated
users.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeleteAccessKey for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

DeleteAccessKeyRequest generates an "aws/request.Request" representing the
client's request for the DeleteAccessKey operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteAccessKey for more information on using the DeleteAccessKey
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteAccessKeyWithContext is the same as DeleteAccessKey with the addition of
the ability to pass a context and additional request options.

See DeleteAccessKey for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeleteAccountAlias for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

DeleteAccountAliasRequest generates an "aws/request.Request" representing the
client's request for the DeleteAccountAlias operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteAccountAlias for more information on using the DeleteAccountAlias
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteAccountAliasWithContext is the same as DeleteAccountAlias with the addition of
the ability to pass a context and additional request options.

See DeleteAccountAlias for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Deletes the password policy for the AWS account. There are no parameters.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeleteAccountPasswordPolicy for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

DeleteAccountPasswordPolicyRequest generates an "aws/request.Request" representing the
client's request for the DeleteAccountPasswordPolicy operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteAccountPasswordPolicy for more information on using the DeleteAccountPasswordPolicy
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteAccountPasswordPolicyWithContext is the same as DeleteAccountPasswordPolicy with the addition of
the ability to pass a context and additional request options.

See DeleteAccountPasswordPolicy for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Deletes the specified IAM group. The group must not contain any users or
have any attached policies.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeleteGroup for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeDeleteConflictException "DeleteConflict"
The request was rejected because it attempted to delete a resource that has
attached subordinate entities. The error message describes these entities.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeleteGroupPolicy for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

DeleteGroupPolicyRequest generates an "aws/request.Request" representing the
client's request for the DeleteGroupPolicy operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteGroupPolicy for more information on using the DeleteGroupPolicy
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteGroupPolicyWithContext is the same as DeleteGroupPolicy with the addition of
the ability to pass a context and additional request options.

See DeleteGroupPolicy for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

DeleteGroupRequest generates an "aws/request.Request" representing the
client's request for the DeleteGroup operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteGroup for more information on using the DeleteGroup
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteGroupWithContext is the same as DeleteGroup with the addition of
the ability to pass a context and additional request options.

See DeleteGroup for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Deletes the specified instance profile. The instance profile must not have
an associated role.

Make sure that you do not have any Amazon EC2 instances running with the
instance profile you are about to delete. Deleting a role or instance profile
that is associated with a running instance will break any applications running
on the instance.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeleteInstanceProfile for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeDeleteConflictException "DeleteConflict"
The request was rejected because it attempted to delete a resource that has
attached subordinate entities. The error message describes these entities.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

DeleteInstanceProfileRequest generates an "aws/request.Request" representing the
client's request for the DeleteInstanceProfile operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteInstanceProfile for more information on using the DeleteInstanceProfile
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteInstanceProfileWithContext is the same as DeleteInstanceProfile with the addition of
the ability to pass a context and additional request options.

See DeleteInstanceProfile for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Deletes the password for the specified IAM user, which terminates the user's
ability to access AWS services through the AWS Management Console.

Deleting a user's password does not prevent a user from accessing AWS through
the command line interface or the API. To prevent all user access you must
also either make any access keys inactive or delete them. For more information
about making keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeleteLoginProfile for usage and error information.

Returned Error Codes:

* ErrCodeEntityTemporarilyUnmodifiableException "EntityTemporarilyUnmodifiable"
The request was rejected because it referenced an entity that is temporarily
unmodifiable, such as a user name that was deleted and then recreated. The
error indicates that the request is likely to succeed if you try again after
waiting several minutes. The error message describes the entity.
* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.
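
The gap described above (deleting the password leaves access keys usable) as an added example, not code from the SDK or its authors. The userAPI interface, its simplified signatures, the fakeIAM model and all user names and key IDs are assumptions constructed so the example runs offline; a real implementation would wrap the SDK client.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// codeErr is a local stand-in for awserr.Error, which also exposes Code().
type codeErr struct{ code, msg string }

func (e codeErr) Error() string { return e.code + ": " + e.msg }
func (e codeErr) Code() string  { return e.code }

// userAPI is a hypothetical, simplified view of the IAM client. Method names
// follow the operations named above; the signatures are not the SDK's.
type userAPI interface {
	DeleteLoginProfile(user string) error
	ListAccessKeys(user string) (map[string]string, error) // key ID -> status
	UpdateAccessKey(user, keyID, status string) error
}

// RevokeUserAccess removes the console password, then sets every active access
// key to Inactive. It returns the IDs of the keys it deactivated, sorted.
func RevokeUserAccess(api userAPI, user string) ([]string, error) {
	err := api.DeleteLoginProfile(user)
	var ce interface{ Code() string }
	if err != nil && !(errors.As(err, &ce) && ce.Code() == "NoSuchEntity") {
		return nil, fmt.Errorf("delete login profile: %w", err)
	}
	// NoSuchEntity is tolerated: a user without a password can still hold keys.
	keys, err := api.ListAccessKeys(user)
	if err != nil {
		return nil, fmt.Errorf("list access keys: %w", err)
	}
	var active []string
	for id, status := range keys {
		if status == "Active" {
			active = append(active, id)
		}
	}
	sort.Strings(active)
	for _, id := range active {
		if err := api.UpdateAccessKey(user, id, "Inactive"); err != nil {
			return nil, fmt.Errorf("deactivate %s: %w", id, err)
		}
	}
	return active, nil
}

// fakeIAM is a constructed in-memory model used to run the example offline.
type fakeIAM struct {
	password map[string]bool              // user -> has a console password
	keys     map[string]map[string]string // user -> key ID -> status
}

func (f *fakeIAM) DeleteLoginProfile(user string) error {
	if !f.password[user] {
		return codeErr{"NoSuchEntity", "no login profile for " + user}
	}
	delete(f.password, user)
	return nil
}

func (f *fakeIAM) ListAccessKeys(user string) (map[string]string, error) {
	keys, ok := f.keys[user]
	if !ok {
		return nil, codeErr{"NoSuchEntity", "no user " + user}
	}
	return keys, nil
}

func (f *fakeIAM) UpdateAccessKey(user, keyID, status string) error {
	f.keys[user][keyID] = status
	return nil
}

// newSampleAccount returns constructed sample users and constructed key IDs.
func newSampleAccount() *fakeIAM {
	return &fakeIAM{
		password: map[string]bool{"bob": true},
		keys: map[string]map[string]string{
			"bob":       {"AKIAEXAMPLE0000000001": "Active", "AKIAEXAMPLE0000000002": "Inactive"},
			"svc-build": {"AKIAEXAMPLE0000000003": "Active"},
		},
	}
}

func main() {
	f := newSampleAccount()
	_ = f.DeleteLoginProfile("bob") // console access gone, API access untouched
	fmt.Println("after DeleteLoginProfile only:", f.keys["bob"])
	ids, err := RevokeUserAccess(f, "bob")
	fmt.Println("deactivated:", ids, "err:", err)
}
```
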

DeleteLoginProfileRequest generates an "aws/request.Request" representing the
client's request for the DeleteLoginProfile operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteLoginProfile for more information on using the DeleteLoginProfile
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteLoginProfileWithContext is the same as DeleteLoginProfile with the addition of
the ability to pass a context and additional request options.

See DeleteLoginProfile for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Deleting an IAM OIDC provider resource does not update any roles that reference
the provider as a principal in their trust policies. Any attempt to assume
a role that references a deleted provider fails.

This operation is idempotent; it does not fail or return an error if you
call the operation for a provider that does not exist.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeleteOpenIDConnectProvider for usage and error information.

Returned Error Codes:

* ErrCodeInvalidInputException "InvalidInput"
The request was rejected because an invalid or out-of-range value was supplied
for an input parameter.
* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.
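
Because deleting a provider leaves role trust policies untouched, a check for roles that still name the provider is worth running first. The following is an added example, not SDK code: the role names, ARNs and trust documents are constructed, and the function assumes each trust policy is supplied as plain JSON.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// stringList decodes a JSON value that is either one string or an array of strings.
type stringList []string

func (l *stringList) UnmarshalJSON(b []byte) error {
	var one string
	if json.Unmarshal(b, &one) == nil {
		*l = stringList{one}
		return nil
	}
	var many []string
	if err := json.Unmarshal(b, &many); err != nil {
		return err
	}
	*l = many
	return nil
}

type statement struct {
	Principal json.RawMessage // "*" or an object such as {"Federated": ...}
}

// federatedPrincipals lists every Federated principal in a trust policy.
// The document must be plain JSON (decode it first if it is URL-encoded).
func federatedPrincipals(doc string) ([]string, error) {
	var policy struct{ Statement json.RawMessage }
	if err := json.Unmarshal([]byte(doc), &policy); err != nil {
		return nil, err
	}
	var stmts []statement
	if json.Unmarshal(policy.Statement, &stmts) != nil {
		var single statement // Statement may be one object instead of an array
		if err := json.Unmarshal(policy.Statement, &single); err != nil {
			return nil, err
		}
		stmts = []statement{single}
	}
	var found []string
	for _, s := range stmts {
		var p struct{ Federated stringList }
		if json.Unmarshal(s.Principal, &p) == nil { // fails for "*" or a missing Principal
			found = append(found, p.Federated...)
		}
	}
	return found, nil
}

// RolesReferencing returns, sorted, the roles whose trust policy names
// providerARN as a Federated principal.
func RolesReferencing(trustPolicies map[string]string, providerARN string) ([]string, error) {
	var roles []string
	for role, doc := range trustPolicies {
		principals, err := federatedPrincipals(doc)
		if err != nil {
			return nil, fmt.Errorf("role %s: %w", role, err)
		}
		for _, p := range principals {
			if p == providerARN {
				roles = append(roles, role)
				break
			}
		}
	}
	sort.Strings(roles)
	return roles, nil
}

// Constructed sample ARN of the provider that is about to be deleted.
const provider = "arn:aws:iam::123456789012:oidc-provider/idp.example.com"

// sampleTrust maps constructed role names to constructed trust policies.
var sampleTrust = map[string]string{
	"web-app": `{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
		"Principal":{"Federated":"` + provider + `"},
		"Action":"sts:AssumeRoleWithWebIdentity"}]}`,
	"ci-deploy": `{"Statement":{"Effect":"Allow","Principal":{"Federated":[
		"arn:aws:iam::123456789012:oidc-provider/other.example.com",
		"` + provider + `"]},"Action":"sts:AssumeRoleWithWebIdentity"}}`,
	"ec2-app": `{"Statement":[{"Effect":"Allow",
		"Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}`,
	"cross-account": `{"Statement":[{"Effect":"Allow",
		"Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"sts:AssumeRole"}]}`,
}

func main() {
	roles, err := RolesReferencing(sampleTrust, provider)
	fmt.Println("roles that would stop being assumable:", roles, "err:", err)
}
```
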

DeleteOpenIDConnectProviderRequest generates an "aws/request.Request" representing the
client's request for the DeleteOpenIDConnectProvider operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteOpenIDConnectProvider for more information on using the DeleteOpenIDConnectProvider
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteOpenIDConnectProviderWithContext is the same as DeleteOpenIDConnectProvider with the addition of
the ability to pass a context and additional request options.

See DeleteOpenIDConnectProvider for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Before you can delete a managed policy, you must first detach the policy
from all users, groups, and roles that it is attached to. In addition you
must delete all the policy's versions. The following steps describe the process
for deleting a managed policy:

* Detach the policy from all users, groups, and roles that the policy
is attached to, using the DetachUserPolicy, DetachGroupPolicy, or DetachRolePolicy
API operations. To list all the users, groups, and roles that a policy
is attached to, use ListEntitiesForPolicy.
* Delete all versions of the policy using DeletePolicyVersion. To list
the policy's versions, use ListPolicyVersions. You cannot use DeletePolicyVersion
to delete the version that is marked as the default version. You delete
the policy's default version in the next step of the process.
* Delete the policy (this automatically deletes the policy's default version)
using this API.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeletePolicy for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeInvalidInputException "InvalidInput"
The request was rejected because an invalid or out-of-range value was supplied
for an input parameter.
* ErrCodeDeleteConflictException "DeleteConflict"
The request was rejected because it attempted to delete a resource that has
attached subordinate entities. The error message describes these entities.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

DeletePolicyRequest generates a "aws/request.Request" representing the
client's request for the DeletePolicy operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeletePolicy for more information on using the DeletePolicy
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

You cannot delete the default version from a policy using this API. To delete
the default version from a policy, use DeletePolicy. To find out which version
of a policy is marked as the default version, use ListPolicyVersions.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeletePolicyVersion for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeInvalidInputException "InvalidInput"
The request was rejected because an invalid or out-of-range value was supplied
for an input parameter.
* ErrCodeDeleteConflictException "DeleteConflict"
The request was rejected because it attempted to delete a resource that has
attached subordinate entities. The error message describes these entities.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

DeletePolicyVersionRequest generates a "aws/request.Request" representing the
client's request for the DeletePolicyVersion operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeletePolicyVersion for more information on using the DeletePolicyVersion
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeletePolicyVersionWithContext is the same as DeletePolicyVersion with the addition of
the ability to pass a context and additional request options.

See DeletePolicyVersion for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

DeletePolicyWithContext is the same as DeletePolicy with the addition of
the ability to pass a context and additional request options.

See DeletePolicy for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Make sure that you do not have any Amazon EC2 instances running with the
role you are about to delete. Deleting a role or instance profile that is
associated with a running instance will break any applications running on
the instance.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeleteRole for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeDeleteConflictException "DeleteConflict"
The request was rejected because it attempted to delete a resource that has
attached subordinate entities. The error message describes these entities.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeUnmodifiableEntityException "UnmodifiableEntity"
The request was rejected because only the service that depends on the service-linked
role can modify or delete the role on your behalf. The error message includes
the name of the service that depends on this service-linked role. You must
request the change through that service.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

Deleting the permissions boundary for a role might increase its permissions
by allowing anyone who assumes the role to perform all the actions granted
in its permissions policies.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeleteRolePermissionsBoundary for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeUnmodifiableEntityException "UnmodifiableEntity"
The request was rejected because only the service that depends on the service-linked
role can modify or delete the role on your behalf. The error message includes
the name of the service that depends on this service-linked role. You must
request the change through that service.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

DeleteRolePermissionsBoundaryRequest generates a "aws/request.Request" representing the
client's request for the DeleteRolePermissionsBoundary operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteRolePermissionsBoundary for more information on using the DeleteRolePermissionsBoundary
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteRolePermissionsBoundaryWithContext is the same as DeleteRolePermissionsBoundary with the addition of
the ability to pass a context and additional request options.

See DeleteRolePermissionsBoundary for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeleteRolePolicy for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeUnmodifiableEntityException "UnmodifiableEntity"
The request was rejected because only the service that depends on the service-linked
role can modify or delete the role on your behalf. The error message includes
the name of the service that depends on this service-linked role. You must
request the change through that service.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

DeleteRolePolicyRequest generates a "aws/request.Request" representing the
client's request for the DeleteRolePolicy operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteRolePolicy for more information on using the DeleteRolePolicy
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteRolePolicyWithContext is the same as DeleteRolePolicy with the addition of
the ability to pass a context and additional request options.

See DeleteRolePolicy for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

DeleteRoleRequest generates a "aws/request.Request" representing the
client's request for the DeleteRole operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteRole for more information on using the DeleteRole
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteRoleWithContext is the same as DeleteRole with the addition of
the ability to pass a context and additional request options.

See DeleteRole for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Deleting the provider resource from IAM does not update any roles that reference
the SAML provider resource's ARN as a principal in their trust policies.
Any attempt to assume a role that references a non-existent provider resource
ARN fails.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeleteSAMLProvider for usage and error information.

Returned Error Codes:

* ErrCodeInvalidInputException "InvalidInput"
The request was rejected because an invalid or out-of-range value was supplied
for an input parameter.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

DeleteSAMLProviderRequest generates a "aws/request.Request" representing the
client's request for the DeleteSAMLProvider operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteSAMLProvider for more information on using the DeleteSAMLProvider
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteSAMLProviderWithContext is the same as DeleteSAMLProvider with the addition of
the ability to pass a context and additional request options.

See DeleteSAMLProvider for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

DeleteSSHPublicKeyRequest generates a "aws/request.Request" representing the
client's request for the DeleteSSHPublicKey operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteSSHPublicKey for more information on using the DeleteSSHPublicKey
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteSSHPublicKeyWithContext is the same as DeleteSSHPublicKey with the addition of
the ability to pass a context and additional request options.

See DeleteSSHPublicKey for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

If you are using a server certificate with Elastic Load Balancing, deleting
the certificate could have implications for your application. If Elastic
Load Balancing doesn't detect the deletion of bound certificates, it may
continue to use the certificates. This could cause Elastic Load Balancing
to stop accepting traffic. We recommend that you remove the reference to
the certificate from Elastic Load Balancing before using this command to
delete the certificate. For more information, go to DeleteLoadBalancerListeners
(http://docs.aws.amazon.com/ElasticLoadBalancing/latest/APIReference/API_DeleteLoadBalancerListeners.html)
in the Elastic Load Balancing API Reference.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeleteServerCertificate for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeDeleteConflictException "DeleteConflict"
The request was rejected because it attempted to delete a resource that has
attached subordinate entities. The error message describes these entities.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

DeleteServerCertificateRequest generates a "aws/request.Request" representing the
client's request for the DeleteServerCertificate operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteServerCertificate for more information on using the DeleteServerCertificate
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteServerCertificateWithContext is the same as DeleteServerCertificate with the addition of
the ability to pass a context and additional request options.

See DeleteServerCertificate for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Submits a service-linked role deletion request and returns a DeletionTaskId,
which you can use to check the status of the deletion. Before you call this
operation, confirm that the role has no active sessions and that any resources
used by the role in the linked service are deleted. If you call this operation
more than once for the same service-linked role and an earlier deletion task
is not complete, then the DeletionTaskId of the earlier request is returned.

If you submit a deletion request for a service-linked role whose linked service
is still accessing a resource, then the deletion task fails. If it fails,
the GetServiceLinkedRoleDeletionStatus API operation returns the reason for
the failure, usually including the resources that must be deleted. To delete
the service-linked role, you must first remove those resources from the linked
service and then submit the deletion request again. Resources are specific
to the service that is linked to the role. For more information about removing
resources from a service, see the AWS documentation (http://docs.aws.amazon.com/)
for your service.
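The submit-then-poll flow described above, as an added example that is not part of the SDK or its documentation. The `slrAPI` interface uses hypothetical simplified signatures, and `fakeSLR`, its task ID format and the role and resource names are constructed; the status strings are the values GetServiceLinkedRoleDeletionStatus reports.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Status strings reported by GetServiceLinkedRoleDeletionStatus.
const (
	statusSucceeded  = "SUCCEEDED"
	statusInProgress = "IN_PROGRESS"
	statusFailed     = "FAILED"
	statusNotStarted = "NOT_STARTED"
)

// slrAPI uses hypothetical simplified signatures; the SDK takes *Input structs.
type slrAPI interface {
	DeleteServiceLinkedRole(roleName string) (deletionTaskID string, err error)
	GetServiceLinkedRoleDeletionStatus(deletionTaskID string) (status, reason string, err error)
}

// fakeSLR is a constructed model of one service-linked role.
type fakeSLR struct {
	inUse     []string // resources the linked service still holds
	submitted int      // number of distinct deletion tasks created
	pending   string   // ID of the task that has not finished yet
	pollsLeft int      // polls before the pending task reaches a final state
	deleted   bool
}

func (f *fakeSLR) DeleteServiceLinkedRole(role string) (string, error) {
	if f.deleted {
		return "", errors.New("NoSuchEntity")
	}
	if f.pending == "" { // otherwise the earlier task's ID is returned again
		f.submitted++
		f.pending = fmt.Sprintf("task/%s/%d", role, f.submitted) // constructed ID format
		f.pollsLeft = 2
	}
	return f.pending, nil
}

func (f *fakeSLR) GetServiceLinkedRoleDeletionStatus(id string) (string, string, error) {
	switch {
	case id != f.pending:
		return "", "", errors.New("NoSuchEntity")
	case f.pollsLeft > 0:
		f.pollsLeft--
		return statusInProgress, "", nil
	}
	f.pending = ""
	if len(f.inUse) > 0 {
		return statusFailed, "still in use: " + strings.Join(f.inUse, ", "), nil
	}
	f.deleted = true
	return statusSucceeded, "", nil
}

// deleteServiceLinkedRole submits the deletion and polls the task until it
// reaches a final state or maxPolls is exhausted. wait runs between polls.
func deleteServiceLinkedRole(api slrAPI, role string, maxPolls int, wait func()) error {
	taskID, err := api.DeleteServiceLinkedRole(role)
	if err != nil {
		return err
	}
	for i := 0; i < maxPolls; i++ {
		status, reason, err := api.GetServiceLinkedRoleDeletionStatus(taskID)
		if err != nil {
			return err
		}
		switch status {
		case statusSucceeded:
			return nil
		case statusFailed: // the reason names what must be removed first
			return fmt.Errorf("deletion task %s failed: %s", taskID, reason)
		case statusInProgress, statusNotStarted:
			wait()
		default:
			return fmt.Errorf("unexpected status %q", status)
		}
	}
	return fmt.Errorf("deletion task %s still running after %d polls", taskID, maxPolls)
}

func main() {
	f := &fakeSLR{inUse: []string{"example-resource"}} // constructed sample
	noWait := func() {}                                 // real callers would sleep or back off here
	fmt.Println(deleteServiceLinkedRole(f, "ExampleServiceRole", 5, noWait))
	f.inUse = nil // resources removed from the linked service
	fmt.Println(deleteServiceLinkedRole(f, "ExampleServiceRole", 5, noWait))
}
```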

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeleteServiceLinkedRole for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

DeleteServiceLinkedRoleRequest generates a "aws/request.Request" representing the
client's request for the DeleteServiceLinkedRole operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteServiceLinkedRole for more information on using the DeleteServiceLinkedRole
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteServiceLinkedRoleWithContext is the same as DeleteServiceLinkedRole with the addition of
the ability to pass a context and additional request options.

See DeleteServiceLinkedRole for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

DeleteServiceSpecificCredentialRequest generates a "aws/request.Request" representing the
client's request for the DeleteServiceSpecificCredential operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteServiceSpecificCredential for more information on using the DeleteServiceSpecificCredential
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteServiceSpecificCredentialWithContext is the same as DeleteServiceSpecificCredential with the addition of
the ability to pass a context and additional request options.

See DeleteServiceSpecificCredential for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

If you do not specify a user name, IAM determines the user name implicitly
based on the AWS access key ID signing the request. Because this operation
works for access keys under the AWS account, you can use this operation to
manage AWS account root user credentials even if the AWS account has no associated
IAM users.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeleteSigningCertificate for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

DeleteSigningCertificateRequest generates a "aws/request.Request" representing the
client's request for the DeleteSigningCertificate operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteSigningCertificate for more information on using the DeleteSigningCertificate
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteSigningCertificateWithContext is the same as DeleteSigningCertificate with the addition of
the ability to pass a context and additional request options.

See DeleteSigningCertificate for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Deletes the specified IAM user. The user must not belong to any groups or
have any access keys, signing certificates, or attached policies.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeleteUser for usage and error information.

Returned Error Codes:

* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeDeleteConflictException "DeleteConflict"
The request was rejected because it attempted to delete a resource that has
attached subordinate entities. The error message describes these entities.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

Deleting the permissions boundary for a user might increase its permissions
by allowing the user to perform all the actions granted in its permissions
policies.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeleteUserPermissionsBoundary for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

DeleteUserPermissionsBoundaryRequest generates a "aws/request.Request" representing the
client's request for the DeleteUserPermissionsBoundary operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteUserPermissionsBoundary for more information on using the DeleteUserPermissionsBoundary
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteUserPermissionsBoundaryWithContext is the same as DeleteUserPermissionsBoundary with the addition of
the ability to pass a context and additional request options.

See DeleteUserPermissionsBoundary for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeleteUserPolicy for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

DeleteUserPolicyRequest generates a "aws/request.Request" representing the
client's request for the DeleteUserPolicy operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteUserPolicy for more information on using the DeleteUserPolicy
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteUserPolicyWithContext is the same as DeleteUserPolicy with the addition of
the ability to pass a context and additional request options.

See DeleteUserPolicy for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

DeleteUserRequest generates a "aws/request.Request" representing the
client's request for the DeleteUser operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteUser for more information on using the DeleteUser
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteUserWithContext is the same as DeleteUser with the addition of
the ability to pass a context and additional request options.

See DeleteUser for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

You must deactivate a user's virtual MFA device before you can delete it.
For information about deactivating MFA devices, see DeactivateMFADevice.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DeleteVirtualMFADevice for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeDeleteConflictException "DeleteConflict"
The request was rejected because it attempted to delete a resource that has
attached subordinate entities. The error message describes these entities.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

DeleteVirtualMFADeviceRequest generates a "aws/request.Request" representing the
client's request for the DeleteVirtualMFADevice operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DeleteVirtualMFADevice for more information on using the DeleteVirtualMFADevice
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DeleteVirtualMFADeviceWithContext is the same as DeleteVirtualMFADevice with the addition of
the ability to pass a context and additional request options.

See DeleteVirtualMFADevice for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DetachGroupPolicy for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeInvalidInputException "InvalidInput"
The request was rejected because an invalid or out-of-range value was supplied
for an input parameter.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

DetachGroupPolicyRequest generates a "aws/request.Request" representing the
client's request for the DetachGroupPolicy operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DetachGroupPolicy for more information on using the DetachGroupPolicy
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DetachGroupPolicyWithContext is the same as DetachGroupPolicy with the addition of
the ability to pass a context and additional request options.

See DetachGroupPolicy for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DetachRolePolicy for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeInvalidInputException "InvalidInput"
The request was rejected because an invalid or out-of-range value was supplied
for an input parameter.
* ErrCodeUnmodifiableEntityException "UnmodifiableEntity"
The request was rejected because only the service that depends on the service-linked
role can modify or delete the role on your behalf. The error message includes
the name of the service that depends on this service-linked role. You must
request the change through that service.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

DetachRolePolicyRequest generates a "aws/request.Request" representing the
client's request for the DetachRolePolicy operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DetachRolePolicy for more information on using the DetachRolePolicy
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DetachRolePolicyWithContext is the same as DetachRolePolicy with the addition of
the ability to pass a context and additional request options.

See DetachRolePolicy for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation DetachUserPolicy for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeInvalidInputException "InvalidInput"
The request was rejected because an invalid or out-of-range value was supplied
for an input parameter.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

DetachUserPolicyRequest generates a "aws/request.Request" representing the
client's request for the DetachUserPolicy operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See DetachUserPolicy for more information on using the DetachUserPolicy
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

DetachUserPolicyWithContext is the same as DetachUserPolicy with the addition of
the ability to pass a context and additional request options.

See DetachUserPolicy for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Enables the specified MFA device and associates it with the specified IAM
user. When enabled, the MFA device is required for every subsequent login
by the IAM user associated with the device.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation EnableMFADevice for usage and error information.

Returned Error Codes:

* ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
The request was rejected because it attempted to create a resource that already
exists.
* ErrCodeEntityTemporarilyUnmodifiableException "EntityTemporarilyUnmodifiable"
The request was rejected because it referenced an entity that is temporarily
unmodifiable, such as a user name that was deleted and then recreated. The
error indicates that the request is likely to succeed if you try again after
waiting several minutes. The error message describes the entity.
* ErrCodeInvalidAuthenticationCodeException "InvalidAuthenticationCode"
The request was rejected because the authentication code was not recognized.
The error message describes the specific error.
* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

EnableMFADeviceRequest generates a "aws/request.Request" representing the
client's request for the EnableMFADevice operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See EnableMFADevice for more information on using the EnableMFADevice
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

EnableMFADeviceWithContext is the same as EnableMFADevice with the addition of
the ability to pass a context and additional request options.

See EnableMFADevice for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation GenerateCredentialReport for usage and error information.

Returned Error Codes:

* ErrCodeLimitExceededException "LimitExceeded"
The request was rejected because it attempted to create resources beyond
the current AWS account limits. The error message describes the limit exceeded.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

GenerateCredentialReportRequest generates a "aws/request.Request" representing the
client's request for the GenerateCredentialReport operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See GenerateCredentialReport for more information on using the GenerateCredentialReport
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

GenerateCredentialReportWithContext is the same as GenerateCredentialReport with the addition of
the ability to pass a context and additional request options.

See GenerateCredentialReport for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Retrieves information about when the specified access key was last used.
The information includes the date and time of last use, along with the AWS
service and region that were specified in the last request made with that
key.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation GetAccessKeyLastUsed for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.

GetAccessKeyLastUsedRequest generates a "aws/request.Request" representing the
client's request for the GetAccessKeyLastUsed operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See GetAccessKeyLastUsed for more information on using the GetAccessKeyLastUsed
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

GetAccessKeyLastUsedWithContext is the same as GetAccessKeyLastUsed with the addition of
the ability to pass a context and additional request options.

See GetAccessKeyLastUsed for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Retrieves information about all IAM users, groups, roles, and policies in
your AWS account, including their relationships to one another. Use this
API to obtain a snapshot of the configuration of IAM permissions (users,
groups, roles, and policies) in your account.

Policies returned by this API are URL-encoded in compliance with RFC 3986 (https://tools.ietf.org/html/rfc3986).
You can use a URL decoding method to convert the policy back to plain JSON
text. For example, if you use Java, you can use the decode method of the
java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
provide similar functionality.

You can optionally filter the results using the Filter parameter. You can
paginate the results using the MaxItems and Marker parameters.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation GetAccountAuthorizationDetails for usage and error information.

Returned Error Codes:

* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

GetAccountAuthorizationDetailsPages iterates over the pages of a GetAccountAuthorizationDetails operation,
calling the "fn" function with the response data for each page. To stop
iterating, return false from the fn function.

See GetAccountAuthorizationDetails method for more information on how to use this operation.

GetAccountAuthorizationDetailsPagesWithContext is the same as GetAccountAuthorizationDetailsPages except
that it takes a Context and allows setting request options on the pages.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

GetAccountAuthorizationDetailsRequest generates a "aws/request.Request" representing the
client's request for the GetAccountAuthorizationDetails operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See GetAccountAuthorizationDetails for more information on using the GetAccountAuthorizationDetails
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

GetAccountAuthorizationDetailsWithContext is the same as GetAccountAuthorizationDetails with the addition of
the ability to pass a context and additional request options.

See GetAccountAuthorizationDetails for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation GetAccountPasswordPolicy for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

GetAccountPasswordPolicyRequest generates a "aws/request.Request" representing the
client's request for the GetAccountPasswordPolicy operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See GetAccountPasswordPolicy for more information on using the GetAccountPasswordPolicy
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

GetAccountPasswordPolicyWithContext is the same as GetAccountPasswordPolicy with the addition of
the ability to pass a context and additional request options.

See GetAccountPasswordPolicy for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

GetAccountSummaryRequest generates a "aws/request.Request" representing the
client's request for the GetAccountSummary operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See GetAccountSummary for more information on using the GetAccountSummary
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

GetAccountSummaryWithContext is the same as GetAccountSummary with the addition of
the ability to pass a context and additional request options.

See GetAccountSummary for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Gets a list of all of the context keys referenced in the input policies.
The policies are supplied as a list of one or more strings. To get the context
keys from policies associated with an IAM user, group, or role, use GetContextKeysForPrincipalPolicy.

Context keys are variables maintained by AWS and its services that provide
details about the context of an API query request. Context keys can be evaluated
by testing against a value specified in an IAM policy. Use GetContextKeysForCustomPolicy
to understand what key names and values you must supply when you call SimulateCustomPolicy.
Note that all parameters are shown in unencoded form here for clarity but
must be URL encoded to be included as a part of a real HTTP request.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation GetContextKeysForCustomPolicy for usage and error information.

Returned Error Codes:

* ErrCodeInvalidInputException "InvalidInput"
The request was rejected because an invalid or out-of-range value was supplied
for an input parameter.

GetContextKeysForCustomPolicyRequest generates a "aws/request.Request" representing the
client's request for the GetContextKeysForCustomPolicy operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See GetContextKeysForCustomPolicy for more information on using the GetContextKeysForCustomPolicy
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

GetContextKeysForCustomPolicyWithContext is the same as GetContextKeysForCustomPolicy with the addition of
the ability to pass a context and additional request options.

See GetContextKeysForCustomPolicy for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Gets a list of all of the context keys referenced in all the IAM policies
that are attached to the specified IAM entity. The entity can be an IAM user,
group, or role. If you specify a user, then the request also includes all
of the policies attached to groups that the user is a member of.

You can optionally include a list of one or more additional policies, specified
as strings. If you want to include only a list of policies by string, use
GetContextKeysForCustomPolicy instead.

Note: This API discloses information about the permissions granted to other
users. If you do not want users to see other users' permissions, then consider
allowing them to use GetContextKeysForCustomPolicy instead.

Context keys are variables maintained by AWS and its services that provide
details about the context of an API query request. Context keys can be evaluated
by testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicy
to understand what key names and values you must supply when you call SimulatePrincipalPolicy.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation GetContextKeysForPrincipalPolicy for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeInvalidInputException "InvalidInput"
The request was rejected because an invalid or out-of-range value was supplied
for an input parameter.

GetContextKeysForPrincipalPolicyRequest generates a "aws/request.Request" representing the
client's request for the GetContextKeysForPrincipalPolicy operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See GetContextKeysForPrincipalPolicy for more information on using the GetContextKeysForPrincipalPolicy
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

GetContextKeysForPrincipalPolicyWithContext is the same as GetContextKeysForPrincipalPolicy with the addition of
the ability to pass a context and additional request options.

See GetContextKeysForPrincipalPolicy for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation GetCredentialReport for usage and error information.

Returned Error Codes:

* ErrCodeCredentialReportNotPresentException "ReportNotPresent"
The request was rejected because the credential report does not exist. To
generate a credential report, use GenerateCredentialReport.
* ErrCodeCredentialReportExpiredException "ReportExpired"
The request was rejected because the most recent credential report has expired.
To generate a new credential report, use GenerateCredentialReport. For more
information about credential report expiration, see Getting Credential Reports
(http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html)
in the IAM User Guide.
* ErrCodeCredentialReportNotReadyException "ReportInProgress"
The request was rejected because the credential report is still being generated.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.
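
The report error codes above imply a generate-then-poll loop. This added example (not SDK code) runs that loop against a small interface standing in for the IAM client; reportAPI, codedError, fakeIAM and FetchCredentialReport are hypothetical names, codedError mirrors only the Code method of awserr.Error, and the backoff values are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// codedError mirrors the Code method of awserr.Error (hypothetical local type).
type codedError interface {
	error
	Code() string
}

// reportAPI is a hypothetical stand-in for the two IAM client calls involved.
type reportAPI interface {
	GenerateCredentialReport() error
	GetCredentialReport() ([]byte, error)
}

// Error code strings as listed for GetCredentialReport.
const (
	codeNotPresent = "ReportNotPresent"
	codeExpired    = "ReportExpired"
	codeInProgress = "ReportInProgress"
)

// FetchCredentialReport returns the report body, asking for a new report when
// none exists or the last one expired, and polling while one is being built.
// wait is injected so callers and tests control the delay.
func FetchCredentialReport(api reportAPI, maxAttempts int, wait func(time.Duration)) ([]byte, error) {
	delay := time.Second // assumed starting backoff
	for attempt := 1; attempt <= maxAttempts; attempt++ {
		body, err := api.GetCredentialReport()
		if err == nil {
			return body, nil
		}
		var ce codedError
		if !errors.As(err, &ce) {
			return nil, err // not a service error: do not retry blindly
		}
		switch ce.Code() {
		case codeNotPresent, codeExpired:
			if gerr := api.GenerateCredentialReport(); gerr != nil {
				return nil, fmt.Errorf("generate report: %w", gerr)
			}
		case codeInProgress:
			// Generation already running; only wait.
		default:
			return nil, err // ServiceFailure and anything unexpected
		}
		if attempt == maxAttempts {
			break
		}
		wait(delay)
		if delay < 16*time.Second {
			delay *= 2
		}
	}
	return nil, fmt.Errorf("credential report not ready after %d attempts", maxAttempts)
}

// apiError and fakeIAM are constructed test doubles, not SDK types.
type apiError struct{ code, msg string }

func (e apiError) Error() string { return e.code + ": " + e.msg }
func (e apiError) Code() string  { return e.code }

type fakeIAM struct {
	script    []error // errors returned by successive GetCredentialReport calls
	generated int
	gets      int
}

func (f *fakeIAM) GenerateCredentialReport() error { f.generated++; return nil }

func (f *fakeIAM) GetCredentialReport() ([]byte, error) {
	i := f.gets
	f.gets++
	if i < len(f.script) {
		return nil, f.script[i]
	}
	return []byte("constructed report body"), nil
}

func main() {
	f := &fakeIAM{script: []error{
		apiError{codeExpired, "constructed"},
		apiError{codeInProgress, "constructed"},
	}}
	body, err := FetchCredentialReport(f, 5, func(time.Duration) {})
	fmt.Println(string(body), err, "generate calls:", f.generated)
}
```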

GetCredentialReportRequest generates a "aws/request.Request" representing the
client's request for the GetCredentialReport operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See GetCredentialReport for more information on using the GetCredentialReport
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

GetCredentialReportWithContext is the same as GetCredentialReport with the addition of
the ability to pass a context and additional request options.

See GetCredentialReport for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns a list of IAM users that are in the specified IAM group. You can
paginate the results using the MaxItems and Marker parameters.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation GetGroup for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

GetGroupPagesWithContext is the same as GetGroupPages except
that it takes a Context and allows setting request options on the pages.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Retrieves the specified inline policy document that is embedded in the specified
IAM group.

Policies returned by this API are URL-encoded in compliance with RFC 3986 (https://tools.ietf.org/html/rfc3986).
You can use a URL decoding method to convert the policy back to plain JSON
text. For example, if you use Java, you can use the decode method of the
java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
provide similar functionality.
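
Decoding such a policy in Go, as an added example that is not part of the SDK or its documentation; it applies to the URL-encoded documents described for both GetAccountAuthorizationDetails and GetGroupPolicy. The sample document, the account ID in it, and the names DecodePolicy and WildcardAllows are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// stringOrList accepts the two JSON shapes a policy allows for Action and
// Resource: a single string or a list of strings.
type stringOrList []string

func (s *stringOrList) UnmarshalJSON(b []byte) error {
	var one string
	if err := json.Unmarshal(b, &one); err == nil {
		*s = stringOrList{one}
		return nil
	}
	var many []string
	if err := json.Unmarshal(b, &many); err != nil {
		return err
	}
	*s = many
	return nil
}

// Statement is the subset of a policy statement this example inspects.
type Statement struct {
	Effect   string       `json:"Effect"`
	Action   stringOrList `json:"Action"`
	Resource stringOrList `json:"Resource"`
}

// statementList accepts a single statement object or a list of them.
type statementList []Statement

func (l *statementList) UnmarshalJSON(b []byte) error {
	var many []Statement
	if err := json.Unmarshal(b, &many); err == nil {
		*l = many
		return nil
	}
	var one Statement
	if err := json.Unmarshal(b, &one); err != nil {
		return err
	}
	*l = statementList{one}
	return nil
}

// Policy is the decoded policy document.
type Policy struct {
	Version   string        `json:"Version"`
	Statement statementList `json:"Statement"`
}

// samplePolicy is a constructed percent-encoded document, not real API output.
// The user name in the first Resource carries a literal '+' on purpose.
const samplePolicy = "%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B" +
	"%7B%22Effect%22%3A%22Allow%22%2C%22Action%22%3A%22iam%3AGetUser%22%2C" +
	"%22Resource%22%3A%22arn%3Aaws%3Aiam%3A%3A123456789012%3Auser%2Fbuild+deploy%22%7D%2C" +
	"%7B%22Effect%22%3A%22Allow%22%2C%22Action%22%3A%5B%22%2A%22%5D%2C" +
	"%22Resource%22%3A%22%2A%22%7D%5D%7D"

// DecodePolicy percent-decodes a policy document and parses the JSON.
func DecodePolicy(encoded string) (Policy, error) {
	var p Policy
	// PathUnescape decodes %XX escapes only. QueryUnescape would also turn a
	// literal '+' into a space (form encoding), corrupting values such as
	// the user name above.
	raw, err := url.PathUnescape(encoded)
	if err != nil {
		return p, fmt.Errorf("url-decode policy: %w", err)
	}
	if err := json.Unmarshal([]byte(raw), &p); err != nil {
		return p, fmt.Errorf("parse policy JSON: %w", err)
	}
	return p, nil
}

func contains(list []string, want string) bool {
	for _, v := range list {
		if v == want {
			return true
		}
	}
	return false
}

// WildcardAllows returns the index of every Allow statement that grants
// Action "*" on Resource "*", a common finding in permission reviews.
func WildcardAllows(p Policy) []int {
	var hits []int
	for i, st := range p.Statement {
		if st.Effect == "Allow" && contains(st.Action, "*") && contains(st.Resource, "*") {
			hits = append(hits, i)
		}
	}
	return hits
}

func main() {
	p, err := DecodePolicy(samplePolicy)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("statements:", len(p.Statement))
	fmt.Println("allow-all statement indexes:", WildcardAllows(p))
}
```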

An IAM group can also have managed policies attached to it. To retrieve a
managed policy document that is attached to a group, use GetPolicy to determine
the policy's default version, then use GetPolicyVersion to retrieve the policy
document.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation GetGroupPolicy for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

GetGroupPolicyRequest generates a "aws/request.Request" representing the
client's request for the GetGroupPolicy operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See GetGroupPolicy for more information on using the GetGroupPolicy
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

GetGroupPolicyWithContext is the same as GetGroupPolicy with the addition of
the ability to pass a context and additional request options.

See GetGroupPolicy for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

GetGroupRequest generates a "aws/request.Request" representing the
client's request for the GetGroup operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use "Send" method on the returned Request to send the API call to the service.
the "output" return value is not valid until after Send returns without error.

See GetGroup for more information on using the GetGroup
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

GetGroupWithContext is the same as GetGroup with the addition of
the ability to pass a context and additional request options.

See GetGroup for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation GetInstanceProfile for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.

GetInstanceProfileRequest generates an "aws/request.Request" representing the
client's request for the GetInstanceProfile operation. The "output" return
value will be populated with the request's response once the request completes
successfully.

Use the "Send" method on the returned Request to send the API call to the service.
The "output" return value is not valid until after Send returns without error.

See GetInstanceProfile for more information on using the GetInstanceProfile
API call, and error handling.

This method is useful when you want to inject custom logic or configuration
into the SDK's request lifecycle, such as custom headers or retry logic.

GetInstanceProfileWithContext is the same as GetInstanceProfile with the addition of
the ability to pass a context and additional request options.

See GetInstanceProfile for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If
the context is nil a panic will occur. In the future the SDK may create
sub-contexts for http.Requests. See https://golang.org/pkg/context/
for more information on using Contexts.

Retrieves the user name and password-creation date for the specified IAM
user. If the user has not been assigned a password, the operation returns
a 404 (NoSuchEntity) error.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions
with awserr.Error's Code and Message methods to get detailed information about
the error.

See the AWS API reference guide for AWS Identity and Access Management's
API operation GetLoginProfile for usage and error information.

Returned Error Codes:

* ErrCodeNoSuchEntityException "NoSuchEntity"
The request was rejected because it referenced an entity that does not exist.
The error message describes the entity.
* ErrCodeServiceFailureException "ServiceFailure"
The request processing has failed because of an unknown error, exception
or failure.
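
The following is an added example, not code from the SDK: it shows how a console-password audit can interpret the GetLoginProfile error codes listed above, so that only NoSuchEntity is read as "no password" and ServiceFailure is never mistaken for it. The `coded` interface, `fakeErr`, `Classify`, `Audit` and the `get` callback are hypothetical names; `coded` mirrors the Code and Message methods of awserr.Error so the file runs without the SDK, and the error values are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// coded mirrors awserr.Error's Code and Message methods (assumption: local copy).
type coded interface {
	error
	Code() string
	Message() string
}

// fakeErr is a constructed stand-in for an error returned by the service.
type fakeErr struct{ code, msg string }

func (e fakeErr) Error() string   { return e.code + ": " + e.msg }
func (e fakeErr) Code() string    { return e.code }
func (e fakeErr) Message() string { return e.msg }

// Classify maps the error from a GetLoginProfile call to a password state.
// Anything other than nil or NoSuchEntity stays "unknown" (fail closed).
func Classify(err error) string {
	if err == nil {
		return "has-password"
	}
	var ce coded
	if errors.As(err, &ce) && ce.Code() == "NoSuchEntity" {
		return "no-password"
	}
	return "unknown"
}

// Audit calls get (a hypothetical wrapper around GetLoginProfile) per user.
func Audit(users []string, get func(string) error) map[string]string {
	out := make(map[string]string, len(users))
	for _, u := range users {
		out[u] = Classify(get(u))
	}
	return out
}

func main() {
	errs := map[string]error{ // constructed responses; "alice" returns nil
		"svc-deploy": fakeErr{"NoSuchEntity", "constructed message"},
		"bob":        fmt.Errorf("wrapped: %w", fakeErr{"ServiceFailure", "constructed"}),
	}
	users := []string{"alice", "svc-deploy", "bob"}
	fmt.Println(Audit(users, func(u string) error { return errs[u] }))
}
```

Users reported as "unknown" should be retried rather than counted as having no console password.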